January 2024 - Epel-packagers-sig - Fedora mailing-lists

[Bug 2260186] New: glm-1.0.0 is available
by bugzilla＠redhat.com 02 Mar '24

02 Mar '24

https://bugzilla.redhat.com/show_bug.cgi?id=2260186 Bug ID: 2260186 Summary: glm-1.0.0 is available Product: Fedora Version: rawhide Status: NEW Component: glm Keywords: FutureFeature, Triaged Assignee: muep(a)iki.fi Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, muep(a)iki.fi, orion(a)nwra.com Target Milestone: --- Classification: Fedora Releases retrieved: 1.0.0 Upstream release that is considered latest: 1.0.0 Current version/release in rawhide: 0.9.9.8-7.fc39 URL: http://glm.g-truc.net Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/1181/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/glm -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2260186 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 7

[Bug 2230247] New: golang-github-stretchr-objx-0.5.1 is available
by bugzilla＠redhat.com 29 Feb '24

29 Feb '24

https://bugzilla.redhat.com/show_bug.cgi?id=2230247 Bug ID: 2230247 Summary: golang-github-stretchr-objx-0.5.1 is available Product: Fedora Version: rawhide Status: NEW Component: golang-github-stretchr-objx Keywords: FutureFeature, Triaged Assignee: mikel(a)olasagasti.info Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, jchaloup(a)redhat.com, me(a)fale.io, mikel(a)olasagasti.info Target Milestone: --- Classification: Fedora Releases retrieved: 0.5.1 Upstream release that is considered latest: 0.5.1 Current version/release in rawhide: 0.5.0-2.fc39 URL: http://godoc.org/github.com/stretchr/objx Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/8738/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/golang-github-stretchr-objx -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2230247 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 5

[Bug 2140488] New: python-mistune-3.0.0a3 is available
by bugzilla＠redhat.com 28 Feb '24

28 Feb '24

https://bugzilla.redhat.com/show_bug.cgi?id=2140488 Bug ID: 2140488 Summary: python-mistune-3.0.0a3 is available Product: Fedora Version: rawhide Status: NEW Component: python-mistune Keywords: FutureFeature, Triaged Assignee: lupinix.fedora(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, lupinix.fedora(a)gmail.com, python-packagers-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Releases retrieved: 3.0.0rc2 Upstream release that is considered latest: 3.0.0a3 Current version/release in rawhide: 2.0.4-1.fc38 URL: https://github.com/lepture/mistune Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/6189/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-mistune -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2140488

1 9

[Bug 2246633] New: CVE-2023-46234 yarnpkg: browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack [fedora-all]
by bugzilla＠redhat.com 28 Feb '24

28 Feb '24

https://bugzilla.redhat.com/show_bug.cgi?id=2246633 Bug ID: 2246633 Summary: CVE-2023-46234 yarnpkg: browserify-sign: upper bound check issue in dsaVerify leads to a signature forgery attack [fedora-all] Product: Fedora Version: 38 Status: NEW Component: yarnpkg Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: zsvetlik(a)redhat.com Reporter: pdelbell(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, manisandro(a)gmail.com, ngompa13(a)gmail.com, zsvetlik(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2246470 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2246633 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 8

[Bug 2220682] New: CVE-2023-26136 yarnpkg: tough-cookie: prototype pollution in cookie memstore [fedora-all]
by bugzilla＠redhat.com 28 Feb '24

28 Feb '24

https://bugzilla.redhat.com/show_bug.cgi?id=2220682 Bug ID: 2220682 Summary: CVE-2023-26136 yarnpkg: tough-cookie: prototype pollution in cookie memstore [fedora-all] Product: Fedora Version: 38 Status: NEW Component: yarnpkg Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: zsvetlik(a)redhat.com Reporter: ahanwate(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, manisandro(a)gmail.com, ngompa13(a)gmail.com, zsvetlik(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2219310 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2220682 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 8

[Bug 2209317] New: CVE-2022-37599 yarnpkg: loader-utils: regular expression denial of service in interpolateName.js [fedora-all]
by bugzilla＠redhat.com 28 Feb '24

28 Feb '24

https://bugzilla.redhat.com/show_bug.cgi?id=2209317 Bug ID: 2209317 Summary: CVE-2022-37599 yarnpkg: loader-utils: regular expression denial of service in interpolateName.js [fedora-all] Product: Fedora Version: 38 Status: NEW Component: yarnpkg Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: zsvetlik(a)redhat.com Reporter: ahanwate(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, manisandro(a)gmail.com, ngompa13(a)gmail.com, zsvetlik(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2134872 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2209317

1 8

[Bug 2254037] New: python-pandas uses Cython 0.29 to build, please update to Cython 3
by bugzilla＠redhat.com 27 Feb '24

27 Feb '24

https://bugzilla.redhat.com/show_bug.cgi?id=2254037 Bug ID: 2254037 Summary: python-pandas uses Cython 0.29 to build, please update to Cython 3 Product: Fedora Version: rawhide Status: NEW Component: python-pandas Assignee: jonathan(a)almalinux.org Reporter: mhroncok(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, jonathan(a)almalinux.org, mail(a)kushaldas.in, neuro-sig(a)lists.fedoraproject.org, orion(a)nwra.com, python-packagers-sig(a)lists.fedoraproject.org, sergio.pasra(a)gmail.com, tomspur(a)fedoraproject.org, wfp5p(a)worldbroken.com Blocks: 2254029 (DROP_CYTHON_0.29) Target Milestone: --- Classification: Fedora Description of problem: As the maintainer of the deprecated python-cython0.29 package, I'd like to get rid of it. I'm opening this bugzilla to track the migration of python-pandas to Cython 3. Version-Release number of selected component: python-pandas-0:1.5.3-7.fc39~bootstrap.src Upstream issue: https://github.com/pandas-dev/pandas/issues/34213 Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2254029 [Bug 2254029] Tracker: Get rid of Cython 0.29 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2254037 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 3

[Bug 2261588] New: python-pandas: FTBFS in Fedora rawhide/f40
by bugzilla＠redhat.com 27 Feb '24

27 Feb '24

https://bugzilla.redhat.com/show_bug.cgi?id=2261588 Bug ID: 2261588 Summary: python-pandas: FTBFS in Fedora rawhide/f40 Product: Fedora Version: rawhide Status: NEW Component: python-pandas Assignee: jonathan(a)almalinux.org Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, jonathan(a)almalinux.org, mail(a)kushaldas.in, neuro-sig(a)lists.fedoraproject.org, orion(a)nwra.com, python-packagers-sig(a)lists.fedoraproject.org, sergio.pasra(a)gmail.com, tomspur(a)fedoraproject.org, wfp5p(a)worldbroken.com Blocks: 2231791 (F40FTBFS) Target Milestone: --- Classification: Fedora python-pandas failed to build from source in Fedora rawhide/f40 https://koji.fedoraproject.org/koji/taskinfo?taskID=112393646 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild Please fix python-pandas at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, python-pandas will be orphaned. Before branching of Fedora 41, python-pandas will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails… Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2231791 [Bug 2231791] Fedora 40 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2261588 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 5

[Bug 2251792] New: python-bcrypt-4.1.0 is available
by bugzilla＠redhat.com 24 Feb '24

24 Feb '24

https://bugzilla.redhat.com/show_bug.cgi?id=2251792 Bug ID: 2251792 Summary: python-bcrypt-4.1.0 is available Product: Fedora Version: rawhide Status: NEW Component: python-bcrypt Keywords: FutureFeature, Triaged Assignee: pingou(a)pingoured.fr Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, infra-sig(a)lists.fedoraproject.org, mhayden(a)redhat.com, pingou(a)pingoured.fr, python-packagers-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Releases retrieved: 4.1.0 Upstream release that is considered latest: 4.1.0 Current version/release in rawhide: 4.0.1-6.fc40 URL: http://pypi.python.org/pypi/bcrypt Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/9047/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-bcrypt -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2251792 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 10

[Bug 2261176] New: golang-github-bep-gowebp: FTBFS in Fedora rawhide/f40
by bugzilla＠redhat.com 21 Feb '24

21 Feb '24

https://bugzilla.redhat.com/show_bug.cgi?id=2261176 Bug ID: 2261176 Summary: golang-github-bep-gowebp: FTBFS in Fedora rawhide/f40 Product: Fedora Version: rawhide Status: NEW Component: golang-github-bep-gowebp Assignee: redhat(a)flyn.org Reporter: releng(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, redhat(a)flyn.org Blocks: 2231791 (F40FTBFS) Target Milestone: --- Classification: Fedora golang-github-bep-gowebp failed to build from source in Fedora rawhide/f40 https://koji.fedoraproject.org/koji/taskinfo?taskID=112276706 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild Please fix golang-github-bep-gowebp at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, golang-github-bep-gowebp will be orphaned. Before branching of Fedora 41, golang-github-bep-gowebp will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails… Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2231791 [Bug 2231791] Fedora 40 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2261176 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 4

2024

2023

2022

2021

Epel-packagers-sig January 2024