Fedora EPEL 9 updates-testing report - epel-devel - Fedora mailing-lists

7 Jun 2023


      The following Fedora EPEL 9 Security updates need testing:
 Age  URL
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-eacf1a60fb   python-flask-restx-1.1.0-1.el9
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-5b5f974a90   sympa-6.2.72-2.el9
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-867723f541   cpp-httplib-0.12.5-2.el9
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-f04011e9d4   yarnpkg-1.22.19-5.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
apptainer-1.1.9-1.el9
    guacamole-server-1.5.2-2.el9
    mongo-c-driver-1.23.5-1.el9
    perl-Graphics-TIFF-20-1.el9
    perl-HTML-StripScripts-1.06-22.el9
    python-cliff-4.2.0-2.el9
    python-ogr-0.45.0-1.el9
    remmina-1.4.31-1.el9
    rust-aho-corasick-1.0.2-1.el9
    rust-getrandom-0.2.10-1.el9
    rust-iana-time-zone-0.1.57-1.el9
    rust-lock_api-0.4.10-1.el9
    rust-mio-0.8.8-1.el9
    rust-once_cell-1.18.0-1.el9
    rust-parking_lot_core-0.9.8-1.el9
    rust-procfs0.12-0.12.0-1.el9
    rust-regex-1.8.4-1.el9
    rust-tempfile-3.6.0-1.el9
    syncthing-1.23.5-1.el9
Details about builds:
================================================================================
 apptainer-1.1.9-1.el9 (FEDORA-EPEL-2023-4949aa5f16)
 Application and environment virtualization formerly known as Singularity
--------------------------------------------------------------------------------
Update Information:
Update to upstream-1.1.9
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  7 2023 Dave Dykstra dwd@fnal.gov - 1.1.9-1
- Update to upstream 1.1.9.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2213313 - apptainer-1.1.9 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2213313
--------------------------------------------------------------------------------
================================================================================
 guacamole-server-1.5.2-2.el9 (FEDORA-EPEL-2023-eb4f2cd0c6)
 Server-side native components that form the Guacamole proxy
--------------------------------------------------------------------------------
Update Information:
- Added upstream patch to fix RDP related segfault ([GUACAMOLE-
1802](https://issues.apache.org/jira/projects/GUACAMOLE/issues/GUACAMOLE-1802))
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  7 2023 Robert Scheck robert@fedoraproject.org - 1.5.2-2
- Added upstream patch to fix RDP related segfault (GUACAMOLE-1802)
--------------------------------------------------------------------------------
================================================================================
 mongo-c-driver-1.23.5-1.el9 (FEDORA-EPEL-2023-31a44d5fdb)
 Client library written in C for MongoDB
--------------------------------------------------------------------------------
Update Information:
**libmongoc 1.23.5**  Fixes:  *    Fix potential crash due to insufficient
memory when allocating performance counters. *    Fix compilation error on
Android platforms due to missing aligned_alloc. *    Return an error if
RewrapManyDataKey is invoked without a provider when a masterKey is given.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  7 2023 Remi Collet remi@remirepo.net - 1.23.5-1
- update to 1.23.5
--------------------------------------------------------------------------------
================================================================================
 perl-Graphics-TIFF-20-1.el9 (FEDORA-EPEL-2023-8254b0f713)
 Perl extension for the LibTIFF library
--------------------------------------------------------------------------------
Update Information:
This release adds a support for position tags. It also adapts tests to Perl
5.37.11
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  7 2023 Petr Pisar ppisar@redhat.com - 20-1
- 20 version bump
* Thu May 18 2023 Petr Pisar ppisar@redhat.com - 19-4
- Handle position tags and adapt tests to changes in ImageMagick-7.1.1.8
  (bug #2208278)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2212972 - perl-Graphics-TIFF-20 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2212972
--------------------------------------------------------------------------------
================================================================================
 perl-HTML-StripScripts-1.06-22.el9 (FEDORA-EPEL-2023-de31cb6120)
 Strip scripting constructs out of HTML
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2023-24038
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  7 2023 Xavier Bachelot xavier@bachelot.org 1.06-22
- Add patch for CVE-2023-24038
- Convert License: to SPDX
* Fri Jan 20 2023 Fedora Release Engineering releng@fedoraproject.org - 1.06-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering releng@fedoraproject.org - 1.06-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue May 31 2022 Jitka Plesnikova jplesnik@redhat.com - 1.06-19
- Perl 5.36 rebuild
* Fri Jan 21 2022 Fedora Release Engineering releng@fedoraproject.org - 1.06-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2164149 - CVE-2023-24038 perl-HTML-StripScripts: Handler for style attribute is vulnerable to ReDoS [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2164149
--------------------------------------------------------------------------------
================================================================================
 python-cliff-4.2.0-2.el9 (FEDORA-EPEL-2023-d1292bc1d6)
 Command Line Interface Formulation Framework
--------------------------------------------------------------------------------
Update Information:
Latest build for EPEL 9
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun  6 2023 Joel Capitao jcapitao@redhat.com 4.2.0-2
- Remove mock and testrepository BR
* Fri Apr 21 2023 Karolina Kula kkula@redhat.com 4.2.0-1
- Update to upstream version 4.2.0
* Fri Jan 20 2023 Fedora Release Engineering releng@fedoraproject.org - 4.0.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Sep 28 2022 Benjamin A. Beasley code@musicinmybrain.net - 4.0.0-2
- Fix missing importlib_metadata runtime dependency
* Sun Sep 18 2022 Kevin Fenzi kevin@scrye.com - 4.0.0-1
- Update to 4.0.0. Fixes rhbz#2117683
* Fri Jul 22 2022 Fedora Release Engineering releng@fedoraproject.org - 3.10.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 19 2022 Zbigniew J��drzejewski-Szmek zbyszek@in.waw.pl - 3.10.1-3
- Rebuilt for pyparsing-3.0.9
* Thu Jun 16 2022 Python Maint python-maint@redhat.com - 3.10.1-2
- Rebuilt for Python 3.11
* Thu May 19 2022 Joel Capitao jcapitao@redhat.com 3.10.1-1
- Update to upstream version 3.10.1
* Thu Jan 27 2022 Joel Capitao jcapitao@redhat.com - 3.10.0-3
- Requires autopage to fix F36/FTBFS
* Fri Jan 21 2022 Fedora Release Engineering releng@fedoraproject.org - 3.10.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Sat Jan  8 2022 Kevin Fenzi kevin@scrye.com - 3.10.0-1
- Update to 3.10.0. Fixes rhbz#2026719
* Sat Nov  6 2021 Kevin Fenzi kevin@scrye.com - 3.9.0-1
- Update to 3.9.1. Fixes rhbz#1997441
* Fri Jul 23 2021 Fedora Release Engineering releng@fedoraproject.org - 3.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Sat Jun 19 2021 Kevin Fenzi kevin@scrye.com - 3.8.0-1
- Update to 3.8.0. Fixes rhbz#1965278
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2111289 - Please branch and build python3-cliff in epel9
        https://bugzilla.redhat.com/show_bug.cgi?id=2111289
--------------------------------------------------------------------------------
================================================================================
 python-ogr-0.45.0-1.el9 (FEDORA-EPEL-2023-94ded031c0)
 One API for multiple git forges
--------------------------------------------------------------------------------
Update Information:
Automatic update for python-ogr-0.45.0-1.el9.  ##### **Changelog for python-
ogr**  ``` * Mon Jun 05 2023 Packit hello@packit.dev - 0.45.0-1 - OGR now
supports PyGithub >= 1.58.  ```
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun  5 2023 Packit hello@packit.dev - 0.45.0-1
- OGR now supports PyGithub >= 1.58.
--------------------------------------------------------------------------------
================================================================================
 remmina-1.4.31-1.el9 (FEDORA-EPEL-2023-cb8b50eb56)
 Remote Desktop Client
--------------------------------------------------------------------------------
Update Information:
New upstream version 1.4.31.  Remove no longer needed patches.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  7 2023 Phil Wyett philip.wyett@kathenas.org - 1.4.31-1
- New upstream version 1.4.31.
- Remove no longer needed patches.
* Tue Jun  6 2023 Phil Wyett philip.wyett@kathenas.org - 1.4.30-3
- Remove some old workarounds from spec file.
--------------------------------------------------------------------------------
================================================================================
 rust-aho-corasick-1.0.2-1.el9 (FEDORA-EPEL-2023-fc3941baee)
 Fast multiple substring searching
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.2.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  7 2023 Fabio Valentini decathorpe@gmail.com - 1.0.2-1
- Update to version 1.0.2; Fixes RHBZ#2212163
--------------------------------------------------------------------------------
================================================================================
 rust-getrandom-0.2.10-1.el9 (FEDORA-EPEL-2023-e3c570b06d)
 Small cross-platform library for retrieving random data from system source
--------------------------------------------------------------------------------
Update Information:
Update to version 0.2.10.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  7 2023 Fabio Valentini decathorpe@gmail.com - 0.2.10-1
- Update to version 0.2.10; Fixes RHBZ#2212935
--------------------------------------------------------------------------------
================================================================================
 rust-iana-time-zone-0.1.57-1.el9 (FEDORA-EPEL-2023-86eb8b4948)
 Get the IANA time zone for the current system
--------------------------------------------------------------------------------
Update Information:
Update to version 0.1.57.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  7 2023 Fabio Valentini decathorpe@gmail.com - 0.1.57-1
- Update to version 0.1.57; Fixes RHBZ#2213192
--------------------------------------------------------------------------------
================================================================================
 rust-lock_api-0.4.10-1.el9 (FEDORA-EPEL-2023-85476692c6)
 Wrappers to create fully-featured Mutex and RwLock types
--------------------------------------------------------------------------------
Update Information:
Update to version 0.4.10.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  7 2023 Fabio Valentini decathorpe@gmail.com - 0.4.10-1
- Update to version 0.4.10; Fixes RHBZ#2212573
--------------------------------------------------------------------------------
================================================================================
 rust-mio-0.8.8-1.el9 (FEDORA-EPEL-2023-0dedf1fef9)
 Lightweight non-blocking I/O
--------------------------------------------------------------------------------
Update Information:
Update to version 0.8.8.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun  4 2023 Fabio Valentini decathorpe@gmail.com - 0.8.8-1
- Update to version 0.8.8; Fixes RHBZ#2211201
--------------------------------------------------------------------------------
================================================================================
 rust-once_cell-1.18.0-1.el9 (FEDORA-EPEL-2023-d73abb6ea4)
 Single assignment cells and lazy values
--------------------------------------------------------------------------------
Update Information:
Update to version 1.18.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  7 2023 Fabio Valentini decathorpe@gmail.com - 1.18.0-1
- Update to version 1.18.0; Fixes RHBZ#2212161
--------------------------------------------------------------------------------
================================================================================
 rust-parking_lot_core-0.9.8-1.el9 (FEDORA-EPEL-2023-1e88413289)
 Advanced API for creating custom synchronization primitives
--------------------------------------------------------------------------------
Update Information:
Update to version 0.9.8.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  7 2023 Fabio Valentini decathorpe@gmail.com - 0.9.8-1
- Update to version 0.9.8; Fixes RHBZ#2212575
--------------------------------------------------------------------------------
================================================================================
 rust-procfs0.12-0.12.0-1.el9 (FEDORA-EPEL-2023-887ac981d3)
 Interface to the linux procfs pseudo-filesystem
--------------------------------------------------------------------------------
Update Information:
Import compat package for v0.12 of the procfs crate to EPEL9 to fix FTBFS / FTI
issues caused by an incomplete update.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 17 2023 Michel Alexandre Salim salimma@fedoraproject.org - 0.12.0-1
- Initial Fedora package
--------------------------------------------------------------------------------
================================================================================
 rust-regex-1.8.4-1.el9 (FEDORA-EPEL-2023-f026dc2c4d)
 Implementation of regular expressions for Rust
--------------------------------------------------------------------------------
Update Information:
Update to version 1.8.4.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  7 2023 Fabio Valentini decathorpe@gmail.com - 1.8.4-1
- Update to version 1.8.4; Fixes RHBZ#2212388
--------------------------------------------------------------------------------
================================================================================
 rust-tempfile-3.6.0-1.el9 (FEDORA-EPEL-2023-87168d300e)
 Library for managing temporary files and directories
--------------------------------------------------------------------------------
Update Information:
Update to version 3.6.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  7 2023 Fabio Valentini decathorpe@gmail.com - 3.6.0-1
- Update to version 3.6.0; Fixes RHBZ#2212993
--------------------------------------------------------------------------------
================================================================================
 syncthing-1.23.5-1.el9 (FEDORA-EPEL-2023-a1ed86449c)
 Continuous File Synchronization
--------------------------------------------------------------------------------
Update Information:
Update to version 1.23.5. Addresses CVE-2022-46165.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun  7 2023 Fabio Valentini decathorpe@gmail.com - 1.23.5-1
- Update to version 1.23.5; Fixes RHBZ#2213024
* Wed Jun  7 2023 Fabio Valentini decathorpe@gmail.com - 1.23.4-1
- Update to version 1.23.4; Fixes RHBZ#2184805
* Wed Jun  7 2023 Fabio Valentini decathorpe@gmail.com - 1.23.2-1
- Update to version 1.23.2; Fixes RHBZ#2167959
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2213012 - CVE-2022-46165 syncthing: Cross-site scripting through malicious files [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2213012
--------------------------------------------------------------------------------