epel-devel November 2023

epel-devel@lists.fedoraproject.org

14 participants
90 discussions

Proposed incompatible security update for llhttp in EPEL9
by Ben Beasley 06 Dec '23

06 Dec '23

This email proposes upgrading the llhttp package in EPEL9 from 6.0.10 to 8.1.1, which would break the ABI and bump the SONAME version, under the EPEL Incompatible Upgrades Policy[1]. The llhttp package is a C library (transpiled from TypeScript) that provides the low-level HTTP support for NodeJS and for python-aiohttp. Currently, only python-aiohttp depends on the llhttp package in EPEL9. Versions of llhttp prior to 8.1.1 are affected by CVE-2023-30589[2], an HTTP request smuggling vulnerability rated 7.7 HIGH in CVSS v3 and rated Moderate by Red Hat. The GitHub advisory for llhttp is GHSA-cggh-pq45-6h9x[3]; the advisory for python-aiohttp is GHSA-45c4-8wx5-qw6w[4]. Upstream for python-aiohttp fixed this by updating llhttp (which they bundle, but we unbundle) in release 3.8.5. I am not comfortable attempting to backport the fix to an older release of llhttp. My preferred solution would be to update llhttp to 8.1.1[5] and (in the same side tag) update python-aiohttp to 3.8.5[6]. The ABI break in llhttp would only affect python-aiohttp; the python-aiohttp update itself is compatible (by upstream intent, and verified in COPR[7]); and a number of packages that depend on python-aiohttp would benefit from the fix. If this exception request is not approved, my fallback plan is to propose rebuilding python-aiohttp in EPEL9 with AIOHTTP_NO_EXTENSIONS=1, which would convert it to a pure-Python package. This is a documented mitigation, but comes with potentially serious performance regressions, again affecting a number of dependent packages. The llhttp package would become a leaf package and would remain unpatched. The same incompatible update was approved by FESCo for Fedora 37[8]. The purpose of this email is to document and explain the proposed update, to begin the minimum one-week discussion period mandated by the EPEL Incompatible Upgrades Policy, and to request that the update be added to the agenda for an upcoming EPEL meeting. [1] https://docs.fedoraproject.org/en-US/epel/epel-policy-incompatible-upgrades… [2] https://access.redhat.com/security/cve/CVE-2023-30589 [3] https://github.com/advisories/GHSA-cggh-pq45-6h9x [4] https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w [5] https://src.fedoraproject.org/rpms/llhttp/pull-request/14 [6] https://src.fedoraproject.org/rpms/python-aiohttp/pull-request/26 [7] https://copr.fedorainfracloud.org/coprs/music/aiohttp-epel9/packages/ [8] https://pagure.io/fesco/issue/3049

3 6

Fedora EPEL 8 updates-testing report
by updates＠fedoraproject.org 29 Nov '23

29 Nov '23

The following builds have been pushed to Fedora EPEL 8 updates-testing gcc-epel-8.5.0-21.el8 Details about builds: ================================================================================ gcc-epel-8.5.0-21.el8 (FEDORA-EPEL-2023-2462751ea6) Various compilers (C, C++, Objective-C, ...) -------------------------------------------------------------------------------- Update Information: - backport from 8.5.0-21: guard the bit test merging code in if-combine (RHEL-11483) - backport from 8.5.0-20: fix for TLSLD references (#2213753) - backport from 8.5.0-20: fix crash in `dynamic_cast<>()` on null pointer (PR c++/99074, #2211506) - backport from 8.5.0-20: adjust a pattern in `s390.md` (PR target/87723, #2214847) -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 29 2023 Robert Scheck <robert(a)fedoraproject.org> 8.5.0-21 - disable bootstrap mode and rebuild using gcc-epel-8.5.0-20.el8 * Wed Nov 29 2023 Robert Scheck <robert(a)fedoraproject.org> 8.5.0-20 - backport from 8.5.0-21: guard the bit test merging code in if-combine (RHEL-11483) - backport from 8.5.0-20: fix for TLSLD references (#2213753) - backport from 8.5.0-20: fix crash in dynamic_cast<>() on null pointer (PR c++/99074, #2211506) - backport from 8.5.0-20: adjust a pattern in s390.md (PR target/87723, #2214847) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2252062 - gcc-epel out of date compared to gcc https://bugzilla.redhat.com/show_bug.cgi?id=2252062 --------------------------------------------------------------------------------

1 0

Fedora EPEL 9 updates-testing report
by updates＠fedoraproject.org 29 Nov '23

29 Nov '23

The following Fedora EPEL 9 Security updates need testing: Age URL 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9a05f8b1eb opendkim-2.11.0-0.36.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing aom-3.7.1-1.el9 plasma-workspace-5.27.6-1.el9.1 rust-addr2line-0.21.0-1.el9 rust-backtrace-0.3.69-1.el9 rust-fallible-iterator-0.3.0-1.el9 rust-gimli-0.28.1-1.el9 rust-object-0.32.1-1.el9 rust-ruzstd-0.5.0-1.el9 rust-test-assembler-0.1.6-4.el9 rust-twox-hash-1.6.3-4.el9 Details about builds: ================================================================================ aom-3.7.1-1.el9 (FEDORA-EPEL-2023-3a7769d603) Royalty-free next-generation video format -------------------------------------------------------------------------------- Update Information: Update to version 3.7.1. Release notes: https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1 -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 3.7.1-1 - Update to version 3.7.1; Fixes RHBZ#2250720 -------------------------------------------------------------------------------- ================================================================================ plasma-workspace-5.27.6-1.el9.1 (FEDORA-EPEL-2023-23d5c0f507) Plasma workspace, applications and applets -------------------------------------------------------------------------------- Update Information: Fix so sddm does not have a blank startup page -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 29 2023 Troy Dawson <tdawson(a)redhat.com> - 5.27.6-1.1 - Requires: desktop-backgrounds-compat for RHEL -------------------------------------------------------------------------------- ================================================================================ rust-addr2line-0.21.0-1.el9 (FEDORA-EPEL-2023-b23efc1127) Cross-platform symbolication library written in Rust, using gimli -------------------------------------------------------------------------------- Update Information: - Update the backtrace crate to version 0.3.69. - Update the addr2line crate to version 0.21.0. - Update the gimli crate to version 0.28.1. - Update the object crate to version 0.32.1. - Update the fallible-iterator crate to version 0.3.0. - Import the packages for the twox-hash and test-assembler crates into EPEL9. - Initial packaging of the ruzstd crate. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.21.0-1 - Update to version 0.21.0; Fixes RHBZ#2187037 * Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.19.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-backtrace-0.3.69-1.el9 (FEDORA-EPEL-2023-b23efc1127) Library to acquire a stack trace (backtrace) at runtime in a Rust program -------------------------------------------------------------------------------- Update Information: - Update the backtrace crate to version 0.3.69. - Update the addr2line crate to version 0.21.0. - Update the gimli crate to version 0.28.1. - Update the object crate to version 0.32.1. - Update the fallible-iterator crate to version 0.3.0. - Import the packages for the twox-hash and test-assembler crates into EPEL9. - Initial packaging of the ruzstd crate. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.3.69-1 - Update to version 0.3.69; Fixes RHBZ#2218705 * Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.67-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-fallible-iterator-0.3.0-1.el9 (FEDORA-EPEL-2023-b23efc1127) Fallible iterator traits -------------------------------------------------------------------------------- Update Information: - Update the backtrace crate to version 0.3.69. - Update the addr2line crate to version 0.21.0. - Update the gimli crate to version 0.28.1. - Update the object crate to version 0.32.1. - Update the fallible-iterator crate to version 0.3.0. - Import the packages for the twox-hash and test-assembler crates into EPEL9. - Initial packaging of the ruzstd crate. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.3.0-1 - Update to version 0.3.0 * Wed Nov 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.2.0-14 - Regenerate with rust2rpm v24 -------------------------------------------------------------------------------- ================================================================================ rust-gimli-0.28.1-1.el9 (FEDORA-EPEL-2023-b23efc1127) Library for reading and writing the DWARF debugging format -------------------------------------------------------------------------------- Update Information: - Update the backtrace crate to version 0.3.69. - Update the addr2line crate to version 0.21.0. - Update the gimli crate to version 0.28.1. - Update the object crate to version 0.32.1. - Update the fallible-iterator crate to version 0.3.0. - Import the packages for the twox-hash and test-assembler crates into EPEL9. - Initial packaging of the ruzstd crate. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.28.1-1 - Update to version 0.28.1; Fixes RHBZ#2231677 * Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.27.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-object-0.32.1-1.el9 (FEDORA-EPEL-2023-b23efc1127) Unified interface for reading and writing object file formats -------------------------------------------------------------------------------- Update Information: - Update the backtrace crate to version 0.3.69. - Update the addr2line crate to version 0.21.0. - Update the gimli crate to version 0.28.1. - Update the object crate to version 0.32.1. - Update the fallible-iterator crate to version 0.3.0. - Import the packages for the twox-hash and test-assembler crates into EPEL9. - Initial packaging of the ruzstd crate. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.32.1-1 - Update to version 0.32.1; Fixes RHBZ#2186956 * Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.30.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-ruzstd-0.5.0-1.el9 (FEDORA-EPEL-2023-b23efc1127) Decoder for the zstd compression format -------------------------------------------------------------------------------- Update Information: - Update the backtrace crate to version 0.3.69. - Update the addr2line crate to version 0.21.0. - Update the gimli crate to version 0.28.1. - Update the object crate to version 0.32.1. - Update the fallible-iterator crate to version 0.3.0. - Import the packages for the twox-hash and test-assembler crates into EPEL9. - Initial packaging of the ruzstd crate. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.5.0-1 - Initial import (#2252142) -------------------------------------------------------------------------------- ================================================================================ rust-test-assembler-0.1.6-4.el9 (FEDORA-EPEL-2023-b23efc1127) Set of types for building complex binary streams -------------------------------------------------------------------------------- Update Information: - Update the backtrace crate to version 0.3.69. - Update the addr2line crate to version 0.21.0. - Update the gimli crate to version 0.28.1. - Update the object crate to version 0.32.1. - Update the fallible-iterator crate to version 0.3.0. - Import the packages for the twox-hash and test-assembler crates into EPEL9. - Initial packaging of the ruzstd crate. -------------------------------------------------------------------------------- ChangeLog: * Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.1.6-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.1.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.1.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Tue Nov 9 2021 Fabio Valentini <decathorpe(a)gmail.com> - 0.1.6-1 - Update to version 0.1.6; Fixes RHBZ#2002688 * Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.1.5-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.1.5-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-twox-hash-1.6.3-4.el9 (FEDORA-EPEL-2023-b23efc1127) Rust implementation of the XXHash and XXH3 algorithms -------------------------------------------------------------------------------- Update Information: - Update the backtrace crate to version 0.3.69. - Update the addr2line crate to version 0.21.0. - Update the gimli crate to version 0.28.1. - Update the object crate to version 0.32.1. - Update the fallible-iterator crate to version 0.3.0. - Import the packages for the twox-hash and test-assembler crates into EPEL9. - Initial packaging of the ruzstd crate. -------------------------------------------------------------------------------- ChangeLog: * Sun Feb 5 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.6.3-4 - Prevent useless example binary from being installed * Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Wed May 4 2022 Aleksei Bavshin <alebastr(a)fedoraproject.org> - 1.6.3-1 - Update to 1.6.3 (#2081798) * Tue Apr 5 2022 Aleksei Bavshin <alebastr(a)fedoraproject.org> - 1.6.2-1 - Initial import (#2064142) --------------------------------------------------------------------------------

1 0

Fedora EPEL 9 updates-testing report
by updates＠fedoraproject.org 28 Nov '23

28 Nov '23

The following Fedora EPEL 9 Security updates need testing: Age URL 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9a05f8b1eb opendkim-2.11.0-0.36.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing libarrow-9.0.0-10.el9 liborc-1.8.6-1.el9 php-Smarty-3.1.48-2.el9 php-smarty-gettext-1.7.0-2.el9 python-installer-0.7.0-3.el9 receptor-1.4.3-1.el9 secilc-3.5-1.el9 syncthing-1.26.1-1.el9 tomlplusplus-3.4.0-1.el9 veccore-0.8.1-1.el9 Details about builds: ================================================================================ libarrow-9.0.0-10.el9 (FEDORA-EPEL-2023-ff09e55f60) A toolbox for accelerated data interchange and in-memory processing -------------------------------------------------------------------------------- Update Information: Apache Arrow 9.0.0, rebuild with liborc 1.8.6 -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 28 2023 Kaleb S. KEITHLEY <kkeithle [at] redhat.com> - 9.0.0-10 - Arrow 9.0.0, rebuild with liborc 1.8.6 * Fri Jun 30 2023 Kaleb S. KEITHLEY <kkeithle [at] redhat.com> - 9.0.0-9 - Arrow 9.0.0, rebuild with thrift 0.15.0 * Wed Sep 7 2022 Kaleb S. KEITHLEY <kkeithle [at] redhat.com> - 9.0.0-8 - Arrow 9.0.0, actual rebuild with liborc 1.8.0 * Wed Sep 7 2022 Kaleb S. KEITHLEY <kkeithle [at] redhat.com> - 9.0.0-7 - Arrow 9.0.0, rebuild with xsimd 9.0.1 * Sun Sep 4 2022 Kaleb S. KEITHLEY <kkeithle [at] redhat.com> - 9.0.0-6 - Arrow 9.0.0, rebuild with liborc 1.8.0 * Mon Aug 22 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> - 9.0.0-5 - Update pyarrow test patch (PR#13904) * Mon Aug 22 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> - 9.0.0-4 - Rebuilt for grpc 1.48.0 * Wed Aug 17 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> - 9.0.0-3 - Use %pyproject_save_files to fix pyarrow metadata - Use generated BR��s for pyarrow - Add import-only ��smoke tests�� for pyarrow - Stop requiring SSE4.2 on x86-family platforms - Correct ARROW_WITH_XSIMD; should be ARROW_USE_XSIMD - Enable more optional functionality in pyarrow - Fix pyarrow tests installed despite PYARROW_INSTALL_TESTS=0 * Wed Aug 10 2022 Kaleb S. KEITHLEY <kkeithle [at] redhat.com> - 9.0.0-2 - Arrow 9.0.0, enable python, i.e. python3-pyarrow, subpackage * Wed Aug 3 2022 Kaleb S. KEITHLEY <kkeithle [at] redhat.com> - 9.0.0-1 - Arrow 9.0.0 GA * Thu Jul 21 2022 Kaleb S. KEITHLEY <kkeithle [at] redhat.com> - 8.0.1-1 - Apache Arrow 8.0.1 GA -------------------------------------------------------------------------------- ================================================================================ liborc-1.8.6-1.el9 (FEDORA-EPEL-2023-130cd06ed4) Library for producing small, fast columnar storage for Hadoop workloads -------------------------------------------------------------------------------- Update Information: Apache ORC 1.8.6 GA -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 28 2023 Kaleb S. KEITHLEY <kkeithle [at] redhat.com> - 1.8.6-1 - 1.8.6 GA -------------------------------------------------------------------------------- ================================================================================ php-Smarty-3.1.48-2.el9 (FEDORA-EPEL-2023-5a87d7c8b9) Smarty - the compiling PHP template engine -------------------------------------------------------------------------------- Update Information: First EPEL 9 build. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.48-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Mon Apr 3 2023 Shawn Iwinski <shawn(a)iwin.ski> - 3.1.48-1 - Update to 3.1.48 - CVE-2023-28447 (RHBZ #2183911, 2183912, 2183913, 2183914) * Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.47-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Fri Oct 14 2022 Shawn Iwinski <shawn(a)iwin.ski> - 3.1.47-1 - Update to 3.1.47 - CVE-2022-29221 (RHBZ #2088250, 2088251) - CVE-2021-29454 (RHBZ #2044970, 2044971) - CVE-2021-21408 (RHBZ #2043595, 2043596) - Security update (RHBZ #2126854, 2126855, 2126856) * Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.33-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.33-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.33-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2219389 - php-Smarty for EPEL 9 https://bugzilla.redhat.com/show_bug.cgi?id=2219389 -------------------------------------------------------------------------------- ================================================================================ php-smarty-gettext-1.7.0-2.el9 (FEDORA-EPEL-2023-2f7ed2ffad) Gettext support for Smarty -------------------------------------------------------------------------------- Update Information: First EPEL 9 build. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 16 2023 Xavier Bachelot <xavier(a)bachelot.org> - 1.7.0-2 - Provide autoloader - Run test suite * Mon Jul 17 2023 Xavier Bachelot <xavier(a)bachelot.org> - 1.7.0-1 - Initial package -------------------------------------------------------------------------------- ================================================================================ python-installer-0.7.0-3.el9 (FEDORA-EPEL-2023-4f32c35352) A library for installing Python wheels -------------------------------------------------------------------------------- Update Information: python3-installer, Initial build for epel9 -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.7.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Tue Jun 13 2023 Python Maint <python-maint(a)redhat.com> - 0.7.0-2 - Rebuilt for Python 3.12 * Wed Mar 22 2023 Tom�� Hrn��iar <thrnciar(a)redhat.com> - 0.7.0-1 - Update to 0.7.0 * Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.5.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Thu Jul 28 2022 Charalampos Stratakis <cstratak(a)redhat.com> - 0.5.1-1 - Initial package (rhbz#2111707) -------------------------------------------------------------------------------- ================================================================================ receptor-1.4.3-1.el9 (FEDORA-EPEL-2023-305220c1ac) Multi-service relayer with remote execution and orchestration capabilities -------------------------------------------------------------------------------- Update Information: Update to 1.4.3 and removed unneeded items -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 28 2023 Andrew Heath <anheath(a)redhat.com> - 1.4.3-1 - Update to 1.4.3 and removed unneeded script -------------------------------------------------------------------------------- ================================================================================ secilc-3.5-1.el9 (FEDORA-EPEL-2023-c802135b17) The SELinux CIL Compiler -------------------------------------------------------------------------------- Update Information: Add secilc-3.5 to epel9 -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 24 2023 Petr Lautrbach <lautrbach(a)redhat.com> - 3.5-1 - SELinux userspace 3.5 release * Tue Feb 14 2023 Petr Lautrbach <lautrbach(a)redhat.com> - 3.5-0.rc3.1 - SELinux userspace 3.5-rc3 release * Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.5-0.rc2.1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Mon Jan 16 2023 Petr Lautrbach <lautrbach(a)redhat.com> - 3.5-0.rc2.1 - SELinux userspace 3.5-rc2 release * Tue Dec 27 2022 Petr Lautrbach <lautrbach(a)redhat.com> - 3.5-0.rc1.1 - SELinux userspace 3.5-rc1 release * Tue Nov 22 2022 Petr Lautrbach <lautrbach(a)redhat.com> - 3.4-4 - Rebase on upstream f56a72ac9e86 * Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Wed May 25 2022 Petr Lautrbach <plautrba(a)redhat.com> - 3.4-2 - rebuilt * Thu May 19 2022 Petr Lautrbach <plautrba(a)redhat.com> - 3.4-1 - SELinux userspace 3.4 release * Tue May 10 2022 Petr Lautrbach <plautrba(a)redhat.com> - 3.4-0.rc3.1 - SELinux userspace 3.4-rc3 release * Fri Apr 22 2022 Petr Lautrbach <plautrba(a)redhat.com> - 3.4-0.rc2.1 - SELinux userspace 3.4-rc2 release * Wed Apr 13 2022 Petr Lautrbach <plautrba(a)redhat.com> - 3.4-0.rc1.1 - SELinux userspace 3.4-rc1 release * Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Fri Oct 22 2021 Petr Lautrbach <plautrba(a)redhat.com> - 3.3-1 - SELinux userspace 3.3 release * Mon Oct 11 2021 Petr Lautrbach <plautrba(a)redhat.com> - 3.3-0.rc3.1 - SELinux userspace 3.3-rc3 release * Wed Sep 29 2021 Petr Lautrbach <plautrba(a)redhat.com> - 3.3-0.rc2.1 - SELinux userspace 3.3-rc2 release * Wed Aug 4 2021 Petr Lautrbach <plautrba(a)redhat.com> - 3.2-4.1 - Require libsepol version same or bigger as it was used to build this package * Thu Jul 29 2021 Petr Lautrbach <plautrba(a)redhat.com> - 3.2-3 - Rebase on upstream commit 32611aea6543 - Introduce secil2tree program * Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Mon Mar 8 2021 Petr Lautrbach <plautrba(a)redhat.com> - 3.2-1 - SELinux userspace 3.2 release -------------------------------------------------------------------------------- ================================================================================ syncthing-1.26.1-1.el9 (FEDORA-EPEL-2023-43e1bcb572) Continuous File Synchronization -------------------------------------------------------------------------------- Update Information: Update to version 1.26.1. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.26.1 -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 27 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.26.1-1 - Update to version 1.26.1; Fixes RHBZ#2250334 -------------------------------------------------------------------------------- ================================================================================ tomlplusplus-3.4.0-1.el9 (FEDORA-EPEL-2023-795635979f) Header-only TOML config file parser and serializer for C++17 -------------------------------------------------------------------------------- Update Information: update to 3.4.0 -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 28 2023 topazus <topazus(a)outlook.com> - 3.4.0-1 - update to 3.4.0 * Sat Jul 22 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.3.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2251834 - tomlplusplus-3.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2251834 -------------------------------------------------------------------------------- ================================================================================ veccore-0.8.1-1.el9 (FEDORA-EPEL-2023-e3aa2609e6) C++ Library for Portable SIMD Vectorization -------------------------------------------------------------------------------- Update Information: initial packaging -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 17 2023 topazus <topazus(a)outlook.com> - 0.8.1-1 - initial import (RHBZ#2225003) --------------------------------------------------------------------------------

1 0

Fedora EPEL 8 updates-testing report
by updates＠fedoraproject.org 28 Nov '23

28 Nov '23

The following Fedora EPEL 8 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-330054b0a8 dbus-broker-28-4.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing clazy-1.11-10.el8 libarrow-8.0.1-2.el8 libkdumpfile-0.5.4-1.el8 liborc-1.7.10-1.el8 php-Smarty-3.1.48-2.el8 php-smarty-gettext-1.7.0-2.el8 scorep-6.0-20.el8 syncthing-1.26.1-1.el8 Details about builds: ================================================================================ clazy-1.11-10.el8 (FEDORA-EPEL-2023-13f7894087) Qt oriented code checker based on clang framework -------------------------------------------------------------------------------- Update Information: Fix build with GCC 8 for EPEL 8 -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 28 2023 Thomas Zimmermann <thomas.zimmermann(a)voestalpine.com> - 1.11-10 - Fix build with GCC 8 for EPEL 8 * Wed Sep 6 2023 Jan Grulich <jgrulich(a)redhat.com> - 1.11-9 - Rebuild (clang-17) * Wed Jul 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.11-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Thu Apr 13 2023 Jan Grulich <jgrulich(a)redhat.com> - 1.11-7 - Rebuild against fixed clang * Thu Apr 13 2023 Jan Grulich <jgrulich(a)redhat.com> - 1.11-6 - Rebuild (clang-16) * Tue Apr 11 2023 Jan Grulich <jgrulich(a)redhat.com> - 1.11-5 - Rebuild (clang-16) * Mon Feb 20 2023 Neal Gompa <ngompa(a)fedoraproject.org> - 1.11-4 - Explicitly Require: specific major version of Clang * Tue Jan 31 2023 Jan Grulich <jgrulich(a)redhat.com> - 1.11-3 - migrated to SPDX license * Wed Jan 18 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.11-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Wed Jan 18 2023 Jan Grulich <jgrulich(a)redhat.com> - 1.11-1 - 1.11 * Wed Jul 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Wed Jan 19 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Wed Jul 21 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Sat May 1 2021 FeRD (Frank Dana) <ferdnyc(a)gmail.com> - 1.9-1 - New upstream release 1.9 - Build against LLVM-12 for clang-12 in Fedora 34+ - Drop upstreamed patches * Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.7-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Fri Jan 22 2021 Tom Stellard <tstellar(a)redhat.com> - 1.7-2 - Rebuild for clang-11.1.0 * Mon Oct 26 2020 Jan Grulich <jgrulich(a)redhat.com> - 1.6-7 - Update 1.7 * Sat Aug 1 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6-6 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jul 27 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Thu Jul 9 2020 Jan Grulich <jgrulich(a)redhat.com> - 1.6-4 - Fix build against LLVM 10 * Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Fri Dec 13 2019 Tom Stellard <tstellar(a)redhat.com> - 1.6-2 - Link against libclang-cpp.so - https://fedoraproject.org/wiki/Changes/Stop-Shipping-Individual-Component-L… * Wed Oct 30 2019 Jan Grulich <jgrulich(a)redhat.com> - 1.6-1 - 1.6 * Wed Jul 24 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Tue Apr 30 2019 Tom Stellard <tstellar(a)redhat.com> - 1.5-2 - Rebuild for clang-8.0.0 * Sun Feb 3 2019 Jan Grulich <jgrulich(a)redhat.com> - 1.5-1 - Update to 1.5 * Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Mon Dec 3 2018 Jan Grulich <jgrulich(a)redhat.com> - 1.4-2 - Require clang * Tue Oct 2 2018 Jan Grulich <jgrulich(a)redhat.com> - 1.4-1 - Initial version -------------------------------------------------------------------------------- References: [ 1 ] Bug #2209263 - [EPEL8] Please branch and build clazy in epel8 https://bugzilla.redhat.com/show_bug.cgi?id=2209263 -------------------------------------------------------------------------------- ================================================================================ libarrow-8.0.1-2.el8 (FEDORA-EPEL-2023-c612dc6b0d) A toolbox for accelerated data interchange and in-memory processing -------------------------------------------------------------------------------- Update Information: Apache Arrow 8.0.1 rebuilt for liborc-1.7.10 -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 28 2023 Kaleb S. KEITHLEY <kkeithle [at] redhat.com> - 8.0.1-2 - Apache Arrow 8.0.1, rebuild with liborc-1.7.10 -------------------------------------------------------------------------------- ================================================================================ libkdumpfile-0.5.4-1.el8 (FEDORA-EPEL-2023-114e550b97) Kernel coredump file access -------------------------------------------------------------------------------- Update Information: - Full support for 64-bit RISC-V. - Improved error messages. -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 28 2023 Michel Lind <salimma(a)fedoraproject.org> - 0.5.4-1 - Update to 0.5.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2250488 - libkdumpfile-0.5.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=2250488 -------------------------------------------------------------------------------- ================================================================================ liborc-1.7.10-1.el8 (FEDORA-EPEL-2023-ab410f12f4) Library for producing small, fast columnar storage for Hadoop workloads -------------------------------------------------------------------------------- Update Information: Apache ORC 1.7.10 GA -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 28 2023 Kaleb S. KEITHLEY <kkeithle [at] redhat.com> - 1.7.10-1 - 1.7.10 GA -------------------------------------------------------------------------------- ================================================================================ php-Smarty-3.1.48-2.el8 (FEDORA-EPEL-2023-8161395652) Smarty - the compiling PHP template engine -------------------------------------------------------------------------------- Update Information: First EPEL 8 build. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.48-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Mon Apr 3 2023 Shawn Iwinski <shawn(a)iwin.ski> - 3.1.48-1 - Update to 3.1.48 - CVE-2023-28447 (RHBZ #2183911, 2183912, 2183913, 2183914) * Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.47-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Fri Oct 14 2022 Shawn Iwinski <shawn(a)iwin.ski> - 3.1.47-1 - Update to 3.1.47 - CVE-2022-29221 (RHBZ #2088250, 2088251) - CVE-2021-29454 (RHBZ #2044970, 2044971) - CVE-2021-21408 (RHBZ #2043595, 2043596) - Security update (RHBZ #2126854, 2126855, 2126856) * Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.33-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.33-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.33-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.33-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.33-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.33-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.33-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Fri Feb 22 2019 Shawn Iwinski <shawn(a)iwin.ski> - 3.1.33-1 - Update to 3.1.33 - RHBZ #s: 1532492, 1532493, 1532494, 1628739, 1628740, 1628741, 1631095, 1631096, 1631098 - CVEs: CVE-2017-1000480, CVE-2018-13982, CVE-2018-16831 - License LGPLv2+ => LGPLv3 * Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.21-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.21-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.21-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.21-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Sat Feb 11 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.21-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Thu Feb 4 2016 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.21-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Thu Jun 18 2015 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.1.21-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Thu Oct 23 2014 Johan Cwiklinski <johan AT x-tnd DOT be> - 3.1.21-2 - Fix requires * Thu Oct 23 2014 Johan Cwiklinski <johan AT x-tnd DOT be> - 3.1.21-1 - New upstream release - Fix version constant * Wed Oct 15 2014 Johan Cwiklinski <johan AT x-tnd DOT be> - 3.1.20-1 - New upstream release * Thu Jul 31 2014 Johan Cwiklinski <johan AT x-tnd DOT be> - 3.1.19-2 - Add composer provides * Wed Jul 30 2014 Johan Cwiklinski <johan AT x-tnd DOT be> - 3.1.19-1 - Last upstream release * Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.1.18-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat May 10 2014 Johan Cwiklinski <johan AT x-tnd DOT be> - 3.1.18-1 - Last upstream release * Sun Dec 22 2013 Johan Cwiklinski <johan AT x-tnd DOT be> - 3.1.16-1 - Last upstream release * Sun Dec 8 2013 Johan Cwiklinski <johan AT x-tnd DOT be> - 3.1.15-1 - Last upstream release * Thu Aug 8 2013 Johan Cwiklinski <johan AT x-tnd DOT be> - 3.1.14-1 - Last upstream release * Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.1.13-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Tue Feb 12 2013 Johan Cwiklinski <johan AT x-tnd DOT be> - 3.1.13-1 - Last upstream release - Missing mbstring require * Sun Nov 25 2012 Johan Cwiklinski <johan AT x-tnd DOT be> - 3.1.12-2 - Really fix requires (see bz #700179 comment #30) * Sun Nov 25 2012 Johan Cwiklinski <johan AT x-tnd DOT be> - 3.1.12-1 - Update to 3.1.12 - Remove CVE-2012-4437 patch that has been included in that release - Requires php-common instead of php * Thu Sep 20 2012 Jon Ciesla <limburgher(a)gmail.com> - 3.1.11-1 - Update to 3.1.11, patch for CVE-2012-4437, BZ 858989. * Fri Jul 20 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 3.1.10-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Fri Jun 22 2012 Johan Cwiklinski <johan AT x-tnd DOT be> - 3.1.10-1 - Update to 3.1.10 * Mon May 7 2012 Jon Ciesla <limburgher(a)gmail.com> - 3.1.8-1 - Update to 3.1.8, BZ 819162. * Sat Jan 14 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.6.26-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Wed Feb 9 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.6.26-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Sun Oct 11 2009 Christopher Stone <chris.stone(a)gmail.com> 2.6.26-1 - Upstream sync - Update %source0 and %URL * Sun Jul 26 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.6.25-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Mon May 25 2009 Christopher Stone <chris.stone(a)gmail.com> 2.6.25-1 - Upstream sync * Thu Feb 26 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.6.20-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Sun Nov 2 2008 Christopher Stone <chris.stone(a)gmail.com> 2.6.20-2 - Add security patch (bz #469648) - Add RHL dist tag conditional for Requires * Mon Oct 13 2008 Christopher Stone <chris.stone(a)gmail.com> 2.6.20-1 - Upstream sync * Wed Feb 20 2008 Christopher Stone <chris.stone(a)gmail.com> 2.6.19-1 - Upstream sync - Update %license - Fix file encoding * Sun Apr 29 2007 Christopher Stone <chris.stone(a)gmail.com> 2.6.18-1 - Upstream sync * Wed Feb 21 2007 Christopher Stone <chris.stone(a)gmail.com> 2.6.16-2 - Minor spec file changes/cleanups * Fri Feb 9 2007 Orion Poplawski <orion(a)cora.nwra.com> 2.6.16-1 - Update to 2.6.16 - Install in /usr/share/php/Smarty - Update php version requirement * Tue May 16 2006 Orion Poplawski <orion(a)cora.nwra.com> 2.6.13-1 - Update to 2.6.13 * Tue Nov 1 2005 Orion Poplawski <orion(a)cora.nwra.com> 2.6.10-2 - Fix Source0 URL. * Thu Oct 13 2005 Orion Poplawski <orion(a)cora.nwra.com> 2.6.10-1 - Initial Fedora Extras version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1818971 - Please package php-Smarty for EPEL-8 https://bugzilla.redhat.com/show_bug.cgi?id=1818971 -------------------------------------------------------------------------------- ================================================================================ php-smarty-gettext-1.7.0-2.el8 (FEDORA-EPEL-2023-4740a7a075) Gettext support for Smarty -------------------------------------------------------------------------------- Update Information: First EPEL 8 build. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 16 2023 Xavier Bachelot <xavier(a)bachelot.org> - 1.7.0-2 - Provide autoloader - Run test suite * Mon Jul 17 2023 Xavier Bachelot <xavier(a)bachelot.org> - 1.7.0-1 - Initial package -------------------------------------------------------------------------------- ================================================================================ scorep-6.0-20.el8 (FEDORA-EPEL-2023-ff45270302) Scalable Performance Measurement Infrastructure for Parallel Codes -------------------------------------------------------------------------------- Update Information: Rebuild for clang 16 (RHEL 8.9) -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 28 2023 Orion Poplawski <orion(a)nwra.com> - 6.0-20 - Rebuild for clang 16 (RHEL 8.9) -------------------------------------------------------------------------------- ================================================================================ syncthing-1.26.1-1.el8 (FEDORA-EPEL-2023-495a499fab) Continuous File Synchronization -------------------------------------------------------------------------------- Update Information: Update to version 1.26.1. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.26.1 -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 27 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.26.1-1 - Update to version 1.26.1; Fixes RHBZ#2250334 * Mon Nov 27 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.26.0-1 - Update to version 1.26.0; Fixes RHBZ#2248507 * Mon Nov 27 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.25.0-2 - Ignore some test timeouts on s390x * Mon Nov 27 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.25.0-1 - Update to version 1.25.0; Fixes RHBZ#2242032 * Mon Nov 27 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.24.0-1 - Update to version 1.24.0; Fixes RHBZ#2237824 --------------------------------------------------------------------------------

1 0

[Fedocal] Reminder meeting : EPEL Steering Committee
by tdawson＠redhat.com 28 Nov '23

28 Nov '23

Dear all, You are kindly invited to the meeting: EPEL Steering Committee on 2023-11-29 from 16:00:00 to 17:00:00 US/Eastern At fedora-meeting(a)chat.fedoraproject.org The meeting will be about: https://chat.fedoraproject.org/#/room/#meeting:fedoraproject.org This is the weekly EPEL Steering Committee Meeting. A general agenda is the following: #topic aloha #topic EPEL Issues https://pagure.io/epel/issues * https://pagure.io/epel/issues?tags=meeting&status=Open #topic Old Business (if needed) #topic General Issues / Open Floor Source: https://calendar.fedoraproject.org//meeting/9854/

1 0

Missing EL sub-package: perl-lasso-epel EPEL only package for perl bindings
by Xavier Bachelot 28 Nov '23

28 Nov '23

Hi, Lasso, as provided in EL7, EL8 and EL9, doesn't have a perl-lasso sub-package, which provides the perl bindings. It is not built for EL7, and is built but not shipped for both EL8 and EL9. Quite some time ago, I have filed a ticket requesting that the perl and python bindings be shipped in EL8 and EL9 [1]. python was just a guess, but it turned out to be correct. It was granted for python, as epsilon as a need for it, but was not for perl. I have since re-opened the ticket, as the software I need the perl bindings for is now available in Fedora, which does have the perl sub-package and thus has SAML support, and also in EPEL, where SAML support is indeed missing [2]. I have prepared a perl-lasso-epel spec file to add missing perl bindings support to EL releases and as this is the first time I go this route, although the EPEL guidelines states this is a review request exception [3], I would like the package to be looked at by people with more experience on the matter [4]. Thanks, Xavier [1] https://bugzilla.redhat.com/show_bug.cgi?id=2041941 [2] https://src.fedoraproject.org/rpms/lemonldap-ng [3] https://docs.fedoraproject.org/en-US/epel/epel-policy-missing-sub-packages/ [4] https://bugzilla.redhat.com/show_bug.cgi?id=2251952

1 0

Fedora EPEL 7 updates-testing report
by updates＠fedoraproject.org 27 Nov '23

27 Nov '23

The following Fedora EPEL 7 Security updates need testing: Age URL 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1c906d04ee golang-1.20.10-3.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-a371f42add openssl11-1.1.1k-6.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing anope-2.1.0-2.el7 Details about builds: ================================================================================ anope-2.1.0-2.el7 (FEDORA-EPEL-2023-1a96479505) IRC services designed for flexibility and ease of use -------------------------------------------------------------------------------- Update Information: # Anope 2.1.0 - Added `nickserv:minpasslen` for configuring the minimum password length - Added support for access list entry descriptions. - Added support for linking over a UNIX socket. - Added support for server-initiated logins and logouts on UnrealIRCd - Added support for server-initiated logouts on InspIRCd - Added support for the `ANONYMOUS SASL` mechanism - Allowed users to opt-out of being added to channel access lists - Cleaned up the codebase to use Modern C++17 - Modernized the build system to use a modern version of CMake - Removed `nickserv:strictpasswords` as it is obsolete now `nickserv:minpasslen` exists - Removed support for using insecure encryption methods as the primary method - Removed the Windows-only `anopesmtp` tool - Removed the `inspircd12` and `inspircd20` modules (use `inspircd` instead) - Removed the `ns_getpass` module (no supported encryption modules) - Removed the `os_oline` module (no supported IRCds) - Removed the two day X-line cap - Removed the `unreal` module (use `unrealircd` instead) - Renamed `nickserv:passlen` to `nickserv:maxpasslen` - Renamed the `charybdis` module to `solanum` - Renamed the `inspircd3` module to `inspircd` - Renamed the `unreal4` module to `unrealircd` - Replaced `uplink:ipv6` with `uplink:protocol` - Updated all references to IRCServices to refer to Anope instead -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 27 2023 Robert Scheck <robert(a)fedoraproject.org> 2.1.0-2 - Reflect upstream configuration file changes and renamings * Sun Nov 26 2023 Robert Scheck <robert(a)fedoraproject.org> 2.1.0-1 - Upgrade to 2.1.0 (#2251530) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2251530 - anope-2.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2251530 --------------------------------------------------------------------------------

1 0

Fedora EPEL 8 updates-testing report
by updates＠fedoraproject.org 27 Nov '23

27 Nov '23

The following Fedora EPEL 8 Security updates need testing: Age URL 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-330054b0a8 dbus-broker-28-4.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing anope-2.1.0-2.el8 bitcoin-core-selinux-0-11.20231127git4505616.el8 Details about builds: ================================================================================ anope-2.1.0-2.el8 (FEDORA-EPEL-2023-f67d8ae3e9) IRC services designed for flexibility and ease of use -------------------------------------------------------------------------------- Update Information: # Anope 2.1.0 - Added `nickserv:minpasslen` for configuring the minimum password length - Added support for access list entry descriptions. - Added support for linking over a UNIX socket. - Added support for server-initiated logins and logouts on UnrealIRCd - Added support for server-initiated logouts on InspIRCd - Added support for the `ANONYMOUS SASL` mechanism - Allowed users to opt-out of being added to channel access lists - Cleaned up the codebase to use Modern C++17 - Modernized the build system to use a modern version of CMake - Removed `nickserv:strictpasswords` as it is obsolete now `nickserv:minpasslen` exists - Removed support for using insecure encryption methods as the primary method - Removed the Windows-only `anopesmtp` tool - Removed the `inspircd12` and `inspircd20` modules (use `inspircd` instead) - Removed the `ns_getpass` module (no supported encryption modules) - Removed the `os_oline` module (no supported IRCds) - Removed the two day X-line cap - Removed the `unreal` module (use `unrealircd` instead) - Renamed `nickserv:passlen` to `nickserv:maxpasslen` - Renamed the `charybdis` module to `solanum` - Renamed the `inspircd3` module to `inspircd` - Renamed the `unreal4` module to `unrealircd` - Replaced `uplink:ipv6` with `uplink:protocol` - Updated all references to IRCServices to refer to Anope instead -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 27 2023 Robert Scheck <robert(a)fedoraproject.org> 2.1.0-2 - Reflect upstream configuration file changes and renamings * Sun Nov 26 2023 Robert Scheck <robert(a)fedoraproject.org> 2.1.0-1 - Upgrade to 2.1.0 (#2251530) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2251530 - anope-2.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2251530 -------------------------------------------------------------------------------- ================================================================================ bitcoin-core-selinux-0-11.20231127git4505616.el8 (FEDORA-EPEL-2023-c3a0dc1d80) Bitcoin Core SELinux policy -------------------------------------------------------------------------------- Update Information: Fix policies for daemon case. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 27 2023 Simone Caronni <negativo17(a)gmail.com> - 0-11.20231127git4505616 - Update policies (#2246255). * Wed Jul 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0-10.20210312giteaa9a04 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Wed Jan 18 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0-9.20210312giteaa9a04 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Wed Jul 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0-8.20210312giteaa9a04 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2246255 - SELinux denial of bitcoind reading /etc/bitcoin/bitcoin.conf https://bugzilla.redhat.com/show_bug.cgi?id=2246255 --------------------------------------------------------------------------------

1 0

Fedora EPEL 9 updates-testing report
by updates＠fedoraproject.org 27 Nov '23

27 Nov '23

The following Fedora EPEL 9 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-03f6b44faf chromium-119.0.6045.159-2.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing anope-2.1.0-2.el9 bitcoin-core-selinux-0-11.20231127git4505616.el9 fapolicy-analyzer-1.2.1-1.el9 gi-docgen-2023.3-1.el9 kronosnet-epel-1.25-2.el9 opendkim-2.11.0-0.36.el9 python-glymur-0.12.9-2.el9 qm-0.6.0-1.el9 Details about builds: ================================================================================ anope-2.1.0-2.el9 (FEDORA-EPEL-2023-be9892be96) IRC services designed for flexibility and ease of use -------------------------------------------------------------------------------- Update Information: # Anope 2.1.0 - Added `nickserv:minpasslen` for configuring the minimum password length - Added support for access list entry descriptions. - Added support for linking over a UNIX socket. - Added support for server-initiated logins and logouts on UnrealIRCd - Added support for server-initiated logouts on InspIRCd - Added support for the `ANONYMOUS SASL` mechanism - Allowed users to opt-out of being added to channel access lists - Cleaned up the codebase to use Modern C++17 - Modernized the build system to use a modern version of CMake - Removed `nickserv:strictpasswords` as it is obsolete now `nickserv:minpasslen` exists - Removed support for using insecure encryption methods as the primary method - Removed the Windows-only `anopesmtp` tool - Removed the `inspircd12` and `inspircd20` modules (use `inspircd` instead) - Removed the `ns_getpass` module (no supported encryption modules) - Removed the `os_oline` module (no supported IRCds) - Removed the two day X-line cap - Removed the `unreal` module (use `unrealircd` instead) - Renamed `nickserv:passlen` to `nickserv:maxpasslen` - Renamed the `charybdis` module to `solanum` - Renamed the `inspircd3` module to `inspircd` - Renamed the `unreal4` module to `unrealircd` - Replaced `uplink:ipv6` with `uplink:protocol` - Updated all references to IRCServices to refer to Anope instead -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 27 2023 Robert Scheck <robert(a)fedoraproject.org> 2.1.0-2 - Reflect upstream configuration file changes and renamings * Sun Nov 26 2023 Robert Scheck <robert(a)fedoraproject.org> 2.1.0-1 - Upgrade to 2.1.0 (#2251530) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2251530 - anope-2.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2251530 -------------------------------------------------------------------------------- ================================================================================ bitcoin-core-selinux-0-11.20231127git4505616.el9 (FEDORA-EPEL-2023-9285d6ee02) Bitcoin Core SELinux policy -------------------------------------------------------------------------------- Update Information: Fix policies for daemon case. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 27 2023 Simone Caronni <negativo17(a)gmail.com> - 0-11.20231127git4505616 - Update policies (#2246255). * Wed Jul 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0-10.20210312giteaa9a04 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Wed Jan 18 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0-9.20210312giteaa9a04 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Wed Jul 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0-8.20210312giteaa9a04 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2246255 - SELinux denial of bitcoind reading /etc/bitcoin/bitcoin.conf https://bugzilla.redhat.com/show_bug.cgi?id=2246255 -------------------------------------------------------------------------------- ================================================================================ fapolicy-analyzer-1.2.1-1.el9 (FEDORA-EPEL-2023-1d3a960bd8) File Access Policy Analyzer -------------------------------------------------------------------------------- Update Information: Release v1.2.1 for additional details please see the [User Guide](https://github.com/ctc-oss/fapolicy-analyzer/wiki/User-Guide) -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 17 2023 John Wass <jwass3(a)gmail.com> 1.2.1-1 - Release v1.2.1 -------------------------------------------------------------------------------- ================================================================================ gi-docgen-2023.3-1.el9 (FEDORA-EPEL-2023-6a56ab97bc) Documentation tool for GObject-based libraries -------------------------------------------------------------------------------- Update Information: ## 2023.3 - 2023-11-25 ### Fixed - Add missing dependency - Add missing test data to the source archive ## 2023.2 - 2023-11-24 ### Added - Use packaging module to properly compare versions - Add "implements" in class definition pseudocode - Ignore the first class instance struct field - Parse default-value attribute - Test the gtk-doc sigil parsing - Support admonitions in docblocks - Add link to the extra content files location in the source repository - Search for GIR XML in `$GI_GIR_PATH` and `/usr/share/gir-1.0` - Add fallback for missing "since" ### Changed - Redesign the search results - Redesign the index for enumeration types ### Fixed - Match dependencies list in the index and sidebar - Use KeyboardEvent.key to focus search input - Build fixes for subproject use - Remove display:flex from headings - Split transfer notes based on direction - Clarify signal flags - Hide build section if empty - Always explicitely use utf-8 when reading/writing files - use `color-scheme: dark` when in dark mode -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 26 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 2023.3-1 - Update to 2023.3 (close RHBZ#2251397) * Sun Nov 26 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 2023.1-6 - Package LICENSES/ as a directory * Sun Nov 26 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 2023.1-2 - Don��t assume %_smp_mflags is -j%_smp_build_ncpus -------------------------------------------------------------------------------- References: [ 1 ] Bug #2251397 - gi-docgen-2023.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2251397 -------------------------------------------------------------------------------- ================================================================================ kronosnet-epel-1.25-2.el9 (FEDORA-EPEL-2023-b37cb1cb2b) Multipoint-to-Multipoint VPN daemon -------------------------------------------------------------------------------- Update Information: Sync kronosnet package version with el9 and merge upstream changes -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 27 2023 Davide Cavalca <dcavalca(a)fedoraproject.org> - 1.25-2 - Sync kronosnet package version with el9 and merge upstream changes -------------------------------------------------------------------------------- ================================================================================ opendkim-2.11.0-0.36.el9 (FEDORA-EPEL-2023-9a05f8b1eb) A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail -------------------------------------------------------------------------------- Update Information: Add upstream PR that filters Authentication-Results headers correctly to fix CVE-2022-48521. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 15 2023 Diego Herrera <dherrera(a)redhat.com> - 2.11.0-0.36 - Add upstream PR that filters Authentication-Results headers correctly. * Thu Jul 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.11.0-0.35 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2223270 - CVE-2022-48521 opendkim: Authentication-Results fields are not removed correctly [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2223270 -------------------------------------------------------------------------------- ================================================================================ python-glymur-0.12.9-2.el9 (FEDORA-EPEL-2023-fb9fc02f29) Interface to the OpenJPEG library for working with JPEG 2000 files -------------------------------------------------------------------------------- Update Information: ## Nov 26, 2023 - v0.12.9 - Fix handling of null-bytes with XML data - Add API references to docs - Qualify on python 3.12 -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 27 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.12.9-2 - Fix oversights in the 0.12.9 release process (close RHBZ#2251615) * Mon Nov 27 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.12.9-1 - Update to 0.12.9 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2251615 - python-glymur-0.12.9.post1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2251615 -------------------------------------------------------------------------------- ================================================================================ qm-0.6.0-1.el9 (FEDORA-EPEL-2023-db0e5aaa76) Containerized environment for running Quality Management software -------------------------------------------------------------------------------- Update Information: v0.6.0 -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 27 2023 Douglas Schilling Landgraf <dougsland(a)redhat.com> - 0.6.0-1 - v0.6.0 --------------------------------------------------------------------------------

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

epel-devel November 2023