-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-bc1f081ca0 2023-12-07 01:56:29.028218 --------------------------------------------------------------------------------
Name : uxplay Product : Fedora 38 Version : 1.66 Release : 2.fc38 URL : https://github.com/FDH2/UxPlay Summary : AirPlay Unix mirroring server Description : An AirPlay2 Mirror and AirPlay2 Audio (but not Video) server that provides screen-mirroring (with audio) of iOS/MacOS clients in a display window on the server host (which can be shared using a screen-sharing application); Apple Lossless Audio (ALAC) (e.g.,iTunes) can be streamed from client to server in non-mirror mode.
-------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2023-47627 https://pagure.io/fesco/issue/3106 ## python- aiohttp 3.8.6 (2023-10-07) https://github.com/aio- libs/aiohttp/blob/v3.8.6/CHANGES.rst#386-2023-10-07 ### Security bugfixes - Upgraded `llhttp` to v9.1.3: https://github.com/aio- libs/aiohttp/security/advisories/GHSA-pjjw-qhg8-p2p9 - Updated Python parser to comply with RFCs 9110/9112: https://github.com/aio- libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg ### Deprecation - Added `fallback_charset_resolver` parameter in `ClientSession` to allow a user- supplied character set detection function. Character set detection will no longer be included in 3.9 as a default. If this feature is needed, please use [` fallback_charset_resolver`](https://docs.aiohttp.org/en/stable/client_advanced.h tml#character-set-detection). ### Features - Enabled lenient response parsing for more flexible parsing in the client (this should resolve some regressions when dealing with badly formatted HTTP responses). ### Bugfixes - Fixed `PermissionError` when `.netrc` is unreadable due to permissions. - Fixed output of parsing errors pointing to a `\n`. - Fixed `GunicornWebWorker` max_requests_jitter not working. - Fixed sorting in `filter_cookies` to use cookie with longest path. - Fixed display of `BadStatusLine` messages from `llhttp`. ---- ## llhttp 9.1.3 ### Fixes - Restart the parser on HTTP 100 - Fix chunk extensions quoted-string value parsing - Fix lenient_flags truncated on reset - Fix chunk extensions��� parameters parsing when more then one name- value pair provided ## llhttp 9.1.2 ### What's Changed - Fix HTTP 1xx handling ## llhttp 9.1.1 ### What's Changed - feat: Expose new lenient methods ## llhttp 9.1.0 ### What's Changed - New lenient flag to make CR completely optional - New lenient flag to have spaces after chunk header -------------------------------------------------------------------------------- ChangeLog:
* Mon Oct 23 2023 Davide Cavalca dcavalca@fedoraproject.org - 1.66-2 - Rebuild for llhttp SONAME bump -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2249825 - CVE-2023-47627 python-aiohttp: numerous issues in HTTP parser with header parsing https://bugzilla.redhat.com/show_bug.cgi?id=2249825 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-bc1f081ca0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------