The following Fedora EPEL 9 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-de31cb6120 perl-HTML-StripScripts-1.06-22.el9 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-a1ed86449c syncthing-1.23.5-1.el9 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-e6d2f056c2 radare2-5.8.6-1.el9 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-5b8cf596eb chromium-114.0.5735.106-1.el9

The following builds have been pushed to Fedora EPEL 9 updates-testing

libmd-1.1.0-1.el9 php-theseer-autoload-1.28.0-1.el9 python-events-0.4-1.el9 rust-phf0.8-0.8.0-4.el9 rust-phf_macros0.8-0.8.0-4.el9 rust-phf_shared0.8-0.8.0-4.el9 trafficserver-9.2.1-1.el9 unrealircd-6.1.1-1.el9 whichfont-1.0.6-1.el9

Details about builds:

================================================================================ libmd-1.1.0-1.el9 (FEDORA-EPEL-2023-47fce34296) Library that provides message digest functions from BSD systems -------------------------------------------------------------------------------- Update Information:

# libmd 1.1.0 * man: Add new libmd(7) man page * doc: Move mailing list reference to the end * build: Fix version script linker support detection * build: Fix `configure.ac` indentation * build: Require automake 1.11 * build: Rename `libmd_alias()` to `libmd_strong_alias()` * Remove unused `<assert.h>` * Sync MD2 changes from NetBSD * Sync MD4 changes from OpenBSD * Sync MD5 changes from OpenBSD * Sync RMD160 changes from OpenBSD * Sync SHA1 changes from OpenBSD * Sync SHA2 changes from OpenBSD * test: Add a new `test_eq()` helper function * test: Add cases for SHA224 and SHA512-256 * build: Terminate lists in variables with `# EOL` -------------------------------------------------------------------------------- ChangeLog:

* Wed Jun 14 2023 Robert Scheck robert@fedoraproject.org 1.1.0-1 - Upgrade to 1.1.0 (#2214865) * Thu Jan 19 2023 Fedora Release Engineering releng@fedoraproject.org - 1.0.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2214865 - libmd-1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2214865 --------------------------------------------------------------------------------

================================================================================ php-theseer-autoload-1.28.0-1.el9 (FEDORA-EPEL-2023-1f1e5d729d) A tool and library to generate autoload code -------------------------------------------------------------------------------- Update Information:

**Release 1.28.0** * Add support for composer's `vendor-dir` setting when building autoloader based on composer.json and custom vendor directory location -------------------------------------------------------------------------------- ChangeLog:

* Wed Jun 14 2023 Remi Collet remi@remirepo.net - 1.28.0-1 - update to 1.28.0 --------------------------------------------------------------------------------

================================================================================ python-events-0.4-1.el9 (FEDORA-EPEL-2023-85aa220394) Bringing the elegance of C# EventHandler to Python -------------------------------------------------------------------------------- Update Information:

Forking for epel 9 -------------------------------------------------------------------------------- ChangeLog:

* Mon May 9 2022 David Hannequin david.hannequin@gmail.com - 0.4-1 - Latest upstream * Fri Jan 21 2022 Fedora Release Engineering releng@fedoraproject.org - 0.3-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Tue Jul 27 2021 Fedora Release Engineering releng@fedoraproject.org - 0.3-13 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Fri Jun 4 2021 Python Maint python-maint@redhat.com - 0.3-12 - Rebuilt for Python 3.10 * Wed Jan 27 2021 Fedora Release Engineering releng@fedoraproject.org - 0.3-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Wed Jul 29 2020 Fedora Release Engineering releng@fedoraproject.org - 0.3-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue May 26 2020 Miro Hron��ok mhroncok@redhat.com - 0.3-9 - Rebuilt for Python 3.9 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2192966 - Please branch and build python-events in epel9 https://bugzilla.redhat.com/show_bug.cgi?id=2192966 --------------------------------------------------------------------------------

================================================================================ rust-phf0.8-0.8.0-4.el9 (FEDORA-EPEL-2023-d2b3227e51) Runtime support for perfect hash function data structures -------------------------------------------------------------------------------- Update Information:

Update another batch of Rust packages for the latest Rust spec template from rust2rpm v24. These packages also included fixes to update their license tags and / or add missing license files from upstream. -------------------------------------------------------------------------------- ChangeLog:

* Wed Jun 14 2023 Fabio Valentini decathorpe@gmail.com - 0.8.0-4 - Regenerate with rust2rpm v24 and add missing license file * Sat Jan 21 2023 Fedora Release Engineering releng@fedoraproject.org - 0.8.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild --------------------------------------------------------------------------------

================================================================================ rust-phf_macros0.8-0.8.0-4.el9 (FEDORA-EPEL-2023-d2b3227e51) Macros to generate types in the phf crate -------------------------------------------------------------------------------- Update Information:

Update another batch of Rust packages for the latest Rust spec template from rust2rpm v24. These packages also included fixes to update their license tags and / or add missing license files from upstream. -------------------------------------------------------------------------------- ChangeLog:

* Wed Jun 14 2023 Fabio Valentini decathorpe@gmail.com - 0.8.0-4 - Regenerate with rust2rpm v24 and add missing license file * Sat Jan 21 2023 Fedora Release Engineering releng@fedoraproject.org - 0.8.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Sat Jul 23 2022 Fedora Release Engineering releng@fedoraproject.org - 0.8.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild --------------------------------------------------------------------------------

================================================================================ rust-phf_shared0.8-0.8.0-4.el9 (FEDORA-EPEL-2023-d2b3227e51) Support code shared by PHF libraries -------------------------------------------------------------------------------- Update Information:

Update another batch of Rust packages for the latest Rust spec template from rust2rpm v24. These packages also included fixes to update their license tags and / or add missing license files from upstream. -------------------------------------------------------------------------------- ChangeLog:

* Wed Jun 14 2023 Fabio Valentini decathorpe@gmail.com - 0.8.0-4 - Regenerate with rust2rpm v24 and add missing license file * Sat Jan 21 2023 Fedora Release Engineering releng@fedoraproject.org - 0.8.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild --------------------------------------------------------------------------------

================================================================================ trafficserver-9.2.1-1.el9 (FEDORA-EPEL-2023-faf5368307) Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server -------------------------------------------------------------------------------- Update Information:

Update to upstream 9.2.1; resolves CVE-2022-47184, CVE-2023-30631, CVE-2023-33933 -------------------------------------------------------------------------------- ChangeLog:

* Tue Jun 13 2023 Jered Floyd jered@redhat.com 9.2.1-1 - Update to upstream 9.2.1 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2213425 - trafficserver-9.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2213425 --------------------------------------------------------------------------------

================================================================================ unrealircd-6.1.1-1.el9 (FEDORA-EPEL-2023-02e36eafcc) Open Source IRC server -------------------------------------------------------------------------------- Update Information:

# UnrealIRCd 6.1.1 UnrealIRCd 6.1.1 comes with various bug fixes and performance improvements, especially for channels with thousands of users. It also has more options to override settings per security group, for example if you want to give trusted users or bots more rights or higher flood rates than regular users. All these options are now in a single [Special users](https://www.unrealircd.org/docs/Special_users) article on the UnrealIRCd wiki. Other notable features are better connection errors to SSL/TLS users and a new `proxy { }` block for websocket reverse proxies. ## Enhancements * Two new features that are conditionally on: * SSL/TLS users will now correctly receive the error message if they are rejected due to throttling (connect-flood) and some other situations. * DNS lookups are done before throttling. This allows exempting a hostname from both maxperip and connect-flood restrictions. A good example for IRCCloud would be: ``` except ban { mask *.irccloud.com; type { maxperip; connect-flood; } } ``` * Both features are temporarily disabled whenever a [high rate of connection attempts](https://www.unrealircd.org/docs/FAQ#hi-conn-rate) is detected, to save CPU and other resources during such an attack. The default rate is 1000 per second, so this would be unusual to trigger accidentally. * It is now possible to override some set settings per-security group by having a set block with a name, like `set unknown-users { }` * You could use this to set more limitations for unknown-users: ``` set unknown-users { max- channels-per-user 5; static-quit "Quit"; static-part yes; } ``` * Or to set higher values (higher than the normal set block) for trusted users: ``` security-group trusted-bots { account { BotOne; BotTwo; } } set trusted-bots { max- channels-per-user 25; } ``` * Currently the following settings can be used in a `set xxx { }` block: `set::auto-join`, `set::modes-on-connect`, `set::restrict-usermodes`, `set::max-channels-per-user`, `set::static-quit`, `set::static-part.` * See also [Special users](https://www.unrealircd.org/docs/Special_users) in the documentation for applying settings to a security groups. * New [`proxy { }` block](https://www.unrealircd.org/docs/Proxy_block) that can be used for spoofing IP addresses when: * Reverse proxying websocket connections (eg. via NGINX, a load balancer or other reverse proxy) * WEBIRC/CGI:IRC gateways. This will replace the old `webirc { }` block in the future, though the old one will still work for now. * New setting [`set::handshake-boot- delay`](https://www.unrealircd.org/docs/Set_block#set%3A%3Ahandshake-boot-delay) which allows server linking autoconnects to kick in (and incoming servers on serversonly ports), before allowing clients in. This potentially avoids part of the mess when initially linking on-boot. This option is not turned on by default, you have to set it explicitly. * This is not a useful feature on hubs, as they don't have clients. * It can be useful on client servers, if you `autoconnect` to your hub. * If you connect services to a server with clients this can be useful as well, especially in single-server setups. You would have to set a low `retrywait` in your anope conf (or similar services package) of like `5s` instead of the default `60s`. Then after an IRCd restart, your services link in before your clients and your IRC users have SASL available straight from the start. * JSON-RPC: * New call [`log.list`](https://www.unrealircd.org/docs/JSON-RPC:Log#log.list) to fetch past 1000 log entries. This functionality is only loaded if you include `rpc.modules.default.conf`, so not wasting any memory on servers that are not used for JSON-RPC. ## Changes * [`set::topic- setter`](https://www.unrealircd.org/docs/Set_block#set::topic-setter) and [`set::ban-setter`](https://www.unrealircd.org/docs/Set_block#set::ban-setter) are now by default set to `nick-user-host` instead of `nick`, so you can see the full nick!user@host of who set the topic/ban/exempt/invex. * Some small DNS performance improvements: * We now 'negatively cache' unresolved hosts for 60 seconds. * The maximum number of cached records (positive and negative) was raised to 4096. * We no longer use "search domains" to avoid silly lookups for like `4.3.2.1.dnsbl.dronebl.org.mydomain.org`. * Data buffer chunks bumped from 512 bytes to ~4K. This results in less write calls (lower CPU usage) and more data per TCP/IP packet. * We now cache sending of lines in `sendto_channel` via a new "LineCache" system. It saves CPU on (very) large channels. * Several other performance improvements such as checking maxperip via a hash table and faster invisibility checks for delayjoin. * Blacklist hits are now logged globally. This means they show up in snomask `B`, are logged, and show up in the webpanel "Logs" view. * The event `REMOTE_CLIENT_JOIN` was mass-triggered when servers were syncing. They are now hidden, like `REMOTE_CLIENT_CONNECT`. ## Fixes * Crash when removing a `listen { }` block for websocket or rpc (or changing the port number) * When using the webpanel, if an IRC client tried to connect with the same IP as the webpanel server, it would often receive the error "Too many unknown connections". This only affected non-localhost connections. * The [`require module` block](https://www.unrealircd.org/docs/Require_module_block) was only checked of one side of the link, thus partially not working. ## Removed * [`set::maxbanlength`](https://www.unrealircd.org/docs/Set_block#set::m axbanlength) has been removed as it was not deemed useful and only confusing to users and admins. ## Developers and protocol * Server to server lines can now be 16384 bytes in size when `PROTOCTL BIGLINES` is set. This will allow us to do things more efficiently and possibly raise some other limits in the future. This 16k is the size of the complete line, including sender, message tags, content and `\r\n`. Also, in server-to-server traffic we now allow 30 parameters (`MAXPARA`*2). The original input size limits for non-servers remain the same: the complete line can be 4k+512, with the non-mtag portion limit set at 512 bytes (including `\r\n`), and `MAXPARA` is still 15 as well. * In command handlers, individual `parv[]` elements can be 510 bytes max, even if they add up like `parv[1]` and `parv[2]` both being 510 bytes each. If you need more than that, then you need to set the flag `CMD_BIGLINES` in `CommandAdd()`, then an individual parameter can be near ~16k. This is so, because a lot of the code does not expect parameters bigger than 512 bytes (but can still handle the total of parameters being greater than 512). The new flag allows gradually opting in commands to allow bigger parameters, after such code has been checked and modified to handle it. -------------------------------------------------------------------------------- ChangeLog:

* Wed Jun 14 2023 Robert Scheck robert@fedoraproject.org 6.1.1-1 - Upgrade to 6.1.1 (#2211354) -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2211354 - unrealircd-6.1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2211354 --------------------------------------------------------------------------------

================================================================================ whichfont-1.0.6-1.el9 (FEDORA-EPEL-2023-b4e40fc9f9) Querying Fontconfig -------------------------------------------------------------------------------- Update Information:

help section changed -------------------------------------------------------------------------------- ChangeLog:

* Tue Jun 13 2023 Sudip Shil sshil@redhat.com - 1.0.6-1 - help section changed --------------------------------------------------------------------------------