Fedora EPEL 9 updates-testing report - epel-devel - Fedora mailing-lists

13 Dec 2023


      The following Fedora EPEL 9 Security updates need testing:
 Age  URL
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-a0fcd69d86   chromium-120.0.6099.71-1.el9
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-7a05e8decc   rdiff-backup-2.2.6-3.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
AMF-1.4.32-1.el9
    bitcoin-core-26.0-1.el9
    blender-3.3.12-1.el9
    gfal2-2.22.1-1.el9
    gfal2-python-1.12.2-1.el9
    gfal2-util-1.8.1-1.el9
    knot-3.3.3-1.el9
    kobo-0.35.0-1.el9
    llhttp-9.1.3-1.el9
    mock-5.3-1.el9
    python-aiohttp-3.9.1-1.el9
    python-dirhash-0.2.1-1.el9
    qbittorrent-4.6.2-1.el9
    rust-itertools-0.12.0-1.el9
    rust-itertools0.11-0.11.0-1.el9
    rust-proptest-derive-0.4.0-1.el9
    rust-proptest-derive0.3-0.3.0-1.el9
    rust-toml-0.8.8-1.el9
    rust-toml_edit-0.21.0-1.el9
    rust-toml_edit0.20-0.20.7-1.el9
    xrootd-5.6.4-1.el9
Details about builds:
================================================================================
 AMF-1.4.32-1.el9 (FEDORA-EPEL-2023-830f958112)
 Advanced Media Framework (AMF) SDK
--------------------------------------------------------------------------------
Update Information:
Update to 1.4.32.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 13 2023 Simone Caronni negativo17@gmail.com - 1.4.32-1
- Update to 1.4.32.
--------------------------------------------------------------------------------
================================================================================
 bitcoin-core-26.0-1.el9 (FEDORA-EPEL-2023-91bc6fe121)
 Peer to Peer Cryptographic Currency
--------------------------------------------------------------------------------
Update Information:
Update to 26.0.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 13 2023 Simone Caronni negativo17@gmail.com - 26.0-1
- Update to 26.0.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2253689 - bitcoin-core-26.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2253689
--------------------------------------------------------------------------------
================================================================================
 blender-3.3.12-1.el9 (FEDORA-EPEL-2023-2bcf96547f)
 3D modeling, animation, rendering and post-production
--------------------------------------------------------------------------------
Update Information:
New updates with fixed macros for addons
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 12 2023 Luya Tshimbalanga luya@fedoraproject.org - 1:3.3.12-1
- Update to 3.3.12
--------------------------------------------------------------------------------
================================================================================
 gfal2-2.22.1-1.el9 (FEDORA-EPEL-2023-209f98626f)
 Grid file access library 2.0
--------------------------------------------------------------------------------
Update Information:
New upstream release v2.22.1
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 13 2023 Mihai Patrascoiu mihai.patrascoiu@cern.ch - 2.22.1-1
- Upgrade to upstream release 2.22.1
* Tue Oct 31 2023 Terje Rosten terje.rosten@ntnu.no - 2.21.5-2
- Rebuild for gtest 1.14.0 (bugzilla #2228663)
--------------------------------------------------------------------------------
================================================================================
 gfal2-python-1.12.2-1.el9 (FEDORA-EPEL-2023-6f9cfa7592)
 Python bindings for gfal 2
--------------------------------------------------------------------------------
Update Information:
New upstream release v1.12.2
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 13 2023 Mihai Patrascoiu mihai.patrascoiu@cern.ch - 1.12.2-1
- Upgrade to upstream release 1.12.2
* Tue Nov 21 2023 Mihai Patrascoiu mihai.patrascoiu@cern.ch - 1.12.1-2
- Patch for the Python 3.13 rebuild (close RHBZ#2250873)
--------------------------------------------------------------------------------
================================================================================
 gfal2-util-1.8.1-1.el9 (FEDORA-EPEL-2023-3c73856303)
 GFAL2 utility tools
--------------------------------------------------------------------------------
Update Information:
New upstream release v1.8.1
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 13 2023 Mihai Patrascoiu mipatras@cern.ch - 1.8.1-1
- Upgrade to upstream release 1.8.1
* Wed Jul 19 2023 Fedora Release Engineering releng@fedoraproject.org - 1.8.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering releng@fedoraproject.org - 1.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 knot-3.3.3-1.el9 (FEDORA-EPEL-2023-4808fb855f)
 High-performance authoritative DNS server
--------------------------------------------------------------------------------
Update Information:
Knot DNS 3.3.3
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 13 2023 Jakub Ru��i��ka jakub.ruzicka@nic.cz - 3.3.3-1
- Update to 3.3.3
--------------------------------------------------------------------------------
================================================================================
 kobo-0.35.0-1.el9 (FEDORA-EPEL-2023-fb01bd9a46)
 Python modules for tools development
--------------------------------------------------------------------------------
Update Information:
rebase to latest upstream release (rhbz#2254256)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 13 2023 Luk���� Zaoral lzaoral@redhat.com - 0.35.0-1
- rebase to latest upstream release (rhbz#2254256)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2254256 - kobo-0.35.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2254256
--------------------------------------------------------------------------------
================================================================================
 llhttp-9.1.3-1.el9 (FEDORA-EPEL-2023-4b1b8b8b25)
 Port of http_parser to llparse
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2023-47627, CVE-2023-49081, CVE-2023-49082.
https://pagure.io/epel/issue/262  ## python-aiohttp 3.9.1 (2023-11-26)
https://github.com/aio-libs/aiohttp/blob/v3.9.1/CHANGES.rst#391-2023-11-26  ##
python-aiohttp 3.9.0 (2023-11-17)  https://github.com/aio-
libs/aiohttp/blob/v3.9.1/CHANGES.rst#390-2023-11-18  ## python-aiohttp 3.8.6
(2023-10-07)  https://github.com/aio-
libs/aiohttp/blob/v3.9.1/CHANGES.rst#386-2023-10-07  -----  ## llhttp 9.1.3  ###
Fixes  - Restart the parser on HTTP 100 - Fix chunk extensions quoted-string
value parsing - Fix `lenient_flags` truncated on reset - Fix chunk extensions���
parameters parsing when more then one name-value pair provided  ## llhttp 9.1.2
### What's Changed  - Fix HTTP 1xx handling  ## llhttp 9.1.1  ### What's Changed
- feat: Expose new lenient methods  ## llhttp 9.1.0  ### What's Changed  - New
lenient flag to make CR completely optional - New lenient flag to have spaces
after chunk header
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 30 2023 Benjamin A. Beasley code@musicinmybrain.net - 9.1.3-1
- Update to 9.1.3 (close RHBZ#2242220)
* Thu Nov 30 2023 Benjamin A. Beasley code@musicinmybrain.net - 9.1.2-1
- Update to 9.1.2
* Thu Nov 30 2023 Benjamin A. Beasley code@musicinmybrain.net - 9.1.1-1
- Update to 9.1.1
* Thu Nov 30 2023 Benjamin A. Beasley code@musicinmybrain.net - 9.1.0-1
- Update to 9.1.0
* Thu Nov 30 2023 Benjamin A. Beasley code@musicinmybrain.net - 9.0.1-1
- Update to 9.0.1 (close RHBZ#2228290)
* Thu Nov 30 2023 Benjamin A. Beasley code@musicinmybrain.net - 9.0.0-1
- Update to 9.0.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2250614 - CVE-2023-47627 python-aiohttp: numerous issues in HTTP parser with header parsing [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2250614
  [ 2 ] Bug #2252239 - TRIAGE CVE-2023-49081 python-aiohttp: aiohttp: HTTP request modification [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2252239
  [ 3 ] Bug #2252250 - TRIAGE CVE-2023-49082 python-aiohttp: aiohttp: CRLF injection if user controls the HTTP method using aiohttp client [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2252250
--------------------------------------------------------------------------------
================================================================================
 mock-5.3-1.el9 (FEDORA-EPEL-2023-336a3b357a)
 Builds packages inside chroots
--------------------------------------------------------------------------------
Update Information:
https://rpm-software-management.github.io/mock/Release-Notes-5.3
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 13 2023 Pavel Raiskup praiskup@redhat.com 5.3-1
- orphanskill: log command line arguments of the terminated process
- docs: migrate the community from IRC to Matrix
- dnf5: don't output to a PTY (mail@evangoo.de)
- new rpmautospec plugin (sgallagh@redhat.com, nils@redhat.com)
- fix bash completion with multiple file arguments (orion@nwra.com)
- only %prep once when running %generate_buildrequires multiple times (miro@hroncok.cz)
- Dynamic BuildRequires: Prevent generation of unsatisfied dependency (miro@hroncok.cz)
- Identify buildroot package management earlier (praiskup@redhat.com)
- Dump also dnf5 info into logs
--------------------------------------------------------------------------------
================================================================================
 python-aiohttp-3.9.1-1.el9 (FEDORA-EPEL-2023-4b1b8b8b25)
 Python HTTP client/server for asyncio
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2023-47627, CVE-2023-49081, CVE-2023-49082.
https://pagure.io/epel/issue/262  ## python-aiohttp 3.9.1 (2023-11-26)
https://github.com/aio-libs/aiohttp/blob/v3.9.1/CHANGES.rst#391-2023-11-26  ##
python-aiohttp 3.9.0 (2023-11-17)  https://github.com/aio-
libs/aiohttp/blob/v3.9.1/CHANGES.rst#390-2023-11-18  ## python-aiohttp 3.8.6
(2023-10-07)  https://github.com/aio-
libs/aiohttp/blob/v3.9.1/CHANGES.rst#386-2023-10-07  -----  ## llhttp 9.1.3  ###
Fixes  - Restart the parser on HTTP 100 - Fix chunk extensions quoted-string
value parsing - Fix `lenient_flags` truncated on reset - Fix chunk extensions���
parameters parsing when more then one name-value pair provided  ## llhttp 9.1.2
### What's Changed  - Fix HTTP 1xx handling  ## llhttp 9.1.1  ### What's Changed
- feat: Expose new lenient methods  ## llhttp 9.1.0  ### What's Changed  - New
lenient flag to make CR completely optional - New lenient flag to have spaces
after chunk header
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 30 2023 Benjamin A. Beasley code@musicinmybrain.net - 3.9.1-1
- Update to 3.9.1 (fix RHBZ#2252236, fix RHBZ#2252249)
- Fixes CVE-2023-49081 and CVE-2023-49082
* Mon Oct 16 2023 Benjamin A. Beasley code@musicinmybrain.net - 3.8.6-1
- Update to 3.8.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2250614 - CVE-2023-47627 python-aiohttp: numerous issues in HTTP parser with header parsing [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2250614
  [ 2 ] Bug #2252239 - TRIAGE CVE-2023-49081 python-aiohttp: aiohttp: HTTP request modification [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2252239
  [ 3 ] Bug #2252250 - TRIAGE CVE-2023-49082 python-aiohttp: aiohttp: CRLF injection if user controls the HTTP method using aiohttp client [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2252250
--------------------------------------------------------------------------------
================================================================================
 python-dirhash-0.2.1-1.el9 (FEDORA-EPEL-2023-1a170351a0)
 Python module and CLI for hashing of file system directories
--------------------------------------------------------------------------------
Update Information:
Initial build of python-dirhash.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 16 2022 Scott K Logan logans@cottsay.net - 0.2.1-1
- Initial package (rhbz#2143807)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2143807 - Review Request: python-dirhash - Python module and CLI for hashing of file system directories
        https://bugzilla.redhat.com/show_bug.cgi?id=2143807
--------------------------------------------------------------------------------
================================================================================
 qbittorrent-4.6.2-1.el9 (FEDORA-EPEL-2023-339f0a3129)
 A Bittorrent Client
--------------------------------------------------------------------------------
Update Information:
update to 4.6.2
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 30 2023 Leigh Scott leigh123linux@gmail.com - 1:4.6.2-1
- Update to 4.6.2
--------------------------------------------------------------------------------
================================================================================
 rust-itertools-0.12.0-1.el9 (FEDORA-EPEL-2023-0a0b51a7e9)
 Extra iterator adaptors, iterator methods, free functions, and macros
--------------------------------------------------------------------------------
Update Information:
- Update the toml crate to version 0.8.8. - Update the toml_edit crate to
version 0.21.0. - Add a compat package for version 0.20 of the toml_edit crate.
- Update the itertools crate to version 0.12.0. - Add a compat package for
version 0.11 of the itertools crate.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 12 2023 Fabio Valentini decathorpe@gmail.com - 0.12.0-1
- Update to version 0.12.0; Fixes RHBZ#2249677
* Fri Jul 21 2023 Fedora Release Engineering releng@fedoraproject.org - 0.11.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 rust-itertools0.11-0.11.0-1.el9 (FEDORA-EPEL-2023-0a0b51a7e9)
 Extra iterator adaptors, iterator methods, free functions, and macros
--------------------------------------------------------------------------------
Update Information:
- Update the toml crate to version 0.8.8. - Update the toml_edit crate to
version 0.21.0. - Add a compat package for version 0.20 of the toml_edit crate.
- Update the itertools crate to version 0.12.0. - Add a compat package for
version 0.11 of the itertools crate.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 12 2023 Fabio Valentini decathorpe@gmail.com - 0.11.0-1
- Initial import (itertools 0.11 compat package)
--------------------------------------------------------------------------------
================================================================================
 rust-proptest-derive-0.4.0-1.el9 (FEDORA-EPEL-2023-e6b337db99)
 Custom-derive for the Arbitrary trait of proptest
--------------------------------------------------------------------------------
Update Information:
- Update the proptest-derive crate to version 0.4.0. - Add a compat package for
version 0.3 of the proptest-derive crate.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 12 2023 Fabio Valentini decathorpe@gmail.com - 0.4.0-1
- Update to version 0.4.0; Fixes RHBZ#2235211
* Fri Jul 21 2023 Fedora Release Engineering releng@fedoraproject.org - 0.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Sat Jan 21 2023 Fedora Release Engineering releng@fedoraproject.org - 0.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 rust-proptest-derive0.3-0.3.0-1.el9 (FEDORA-EPEL-2023-e6b337db99)
 Custom-derive for the Arbitrary trait of proptest
--------------------------------------------------------------------------------
Update Information:
- Update the proptest-derive crate to version 0.4.0. - Add a compat package for
version 0.3 of the proptest-derive crate.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 13 2023 Fabio Valentini decathorpe@gmail.com - 0.3.0-1
- Initial import (proptest-derive 0.3 compat package)
--------------------------------------------------------------------------------
================================================================================
 rust-toml-0.8.8-1.el9 (FEDORA-EPEL-2023-0a0b51a7e9)
 Native Rust encoder and decoder of TOML-formatted files and streams
--------------------------------------------------------------------------------
Update Information:
- Update the toml crate to version 0.8.8. - Update the toml_edit crate to
version 0.21.0. - Add a compat package for version 0.20 of the toml_edit crate.
- Update the itertools crate to version 0.12.0. - Add a compat package for
version 0.11 of the itertools crate.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 12 2023 Fabio Valentini decathorpe@gmail.com - 0.8.8-1
- Update to version 0.8.8, Fixes RHBZ#2245686
--------------------------------------------------------------------------------
================================================================================
 rust-toml_edit-0.21.0-1.el9 (FEDORA-EPEL-2023-0a0b51a7e9)
 Yet another format-preserving TOML parser
--------------------------------------------------------------------------------
Update Information:
- Update the toml crate to version 0.8.8. - Update the toml_edit crate to
version 0.21.0. - Add a compat package for version 0.20 of the toml_edit crate.
- Update the itertools crate to version 0.12.0. - Add a compat package for
version 0.11 of the itertools crate.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 12 2023 Fabio Valentini decathorpe@gmail.com - 0.21.0-1
- Update to version 0.21.0; Fixes RHBZ#2245688
--------------------------------------------------------------------------------
================================================================================
 rust-toml_edit0.20-0.20.7-1.el9 (FEDORA-EPEL-2023-0a0b51a7e9)
 Yet another format-preserving TOML parser
--------------------------------------------------------------------------------
Update Information:
- Update the toml crate to version 0.8.8. - Update the toml_edit crate to
version 0.21.0. - Add a compat package for version 0.20 of the toml_edit crate.
- Update the itertools crate to version 0.12.0. - Add a compat package for
version 0.11 of the itertools crate.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 12 2023 Fabio Valentini decathorpe@gmail.com - 0.20.7-1
- Initial import (toml_edit 0.20 compat package)
--------------------------------------------------------------------------------
================================================================================
 xrootd-5.6.4-1.el9 (FEDORA-EPEL-2023-0d169188ef)
 Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:
XRootD 5.6.4
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 11 2023 Mattias Ellert mattias.ellert@physics.uu.se - 1:5.6.4-1
- Update to version 5.6.4
- Drop patches accepted upstream or previously backported
* Tue Dec  5 2023 Mattias Ellert mattias.ellert@physics.uu.se - 1:5.6.3-3
- Avoid /tmp when running some tests
- Fail gracefully in case of unsupported extended file attributes
- Avoid null bytes in error message strings
- Fix include path in XRootDConfig.cmake
- Avoid dereferencing unaligned pointers
- Support big endian in XrdZip
--------------------------------------------------------------------------------