The following Fedora EPEL 8 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-52d4a7be15 bitcoin-core-24.1-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
Rex-1.14.2-0.el8
distgen-1.16-1.el8
Details about builds:
================================================================================
Rex-1.14.2-0.el8 (FEDORA-EPEL-2023-bcfdcebcbb)
The friendly automation framework on basis of Perl
--------------------------------------------------------------------------------
Update Information:
This update brings a new minor version of the friendly automation framework to
you.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 30 2023 Dominic Hopf <dmaphy(a)fedoraproject.org> - 1.14.2-1
- Update to 1.14.2 (#2175551)
* Mon Mar 6 2023 Dominic Hopf <dmaphy(a)fedoraproject.org> - 1.14.1-1
- Update to 1.14.1 (#2175551)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2175551 - Rex-1.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2175551
--------------------------------------------------------------------------------
================================================================================
distgen-1.16-1.el8 (FEDORA-EPEL-2023-66a9f960f6)
Templating system/generator for distributions
--------------------------------------------------------------------------------
Update Information:
New upstream release of distgen.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Zuzana Miklankova <zmiklank(a)redhat.com> - 1.16-1
- new upstream release, https://github.com/devexp-db/distgen/releases/tag/v1.16
--------------------------------------------------------------------------------
The following builds have been pushed to Fedora EPEL 9 updates-testing
distgen-1.16-1.el9
fbrnch-1.3.2-11.el9
rust-git2-0.16.1-1.el9
rust-git2_0.14-0.14.4-1.el9
rust-html2text-0.5.1-1.el9
rust-libgit2-sys-0.14.2-1.el9
rust-libgit2-sys0.13-0.13.5-1.el9
Details about builds:
================================================================================
distgen-1.16-1.el9 (FEDORA-EPEL-2023-cec7b13e68)
Templating system/generator for distributions
--------------------------------------------------------------------------------
Update Information:
New upstream release of distgen.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Zuzana Miklankova <zmiklank(a)redhat.com> - 1.16-1
- new upstream release, https://github.com/devexp-db/distgen/releases/tag/v1.16
--------------------------------------------------------------------------------
================================================================================
fbrnch-1.3.2-11.el9 (FEDORA-EPEL-2023-01905d2b9b)
Fedora packager tool to build package branches
--------------------------------------------------------------------------------
Update Information:
- https://hackage.haskell.org/package/fbrnch-1.3.2/changelog : - prompts now
support line-editing thanks to simple-prompt-0.2 using haskeline - 'parallel',
'sort', 'graph': use getDynSourcesMacros - 'parallel': include no of layers in
"more package layers" message - 'parallel': output sidetag - 'prep': default to
--nodeps - 'request-branches': output owners (to ask) if no permission -
'request-branches': committers can also request branches - 'scratch': print
target for srpm build (only) - 'src-deps': add --define 'MACRO DEF' - 'update-
version': munch spectool patch filenames too - Bodhi only accepts update notes
<= 10000 characters now - Git refPrompt: also accept y/yes - Koji
targetMaybeSidetag dryrun: do not append "-dryrun" to buildtag - Merge: newline
after local commits - Package cleanChangelog: append a newline -
https://hackage.haskell.org/package/fbrnch-1.3.1/changelog : - check for
autorelease more carefully - buildRequires: fix dynamic BRs with getSources and
space after /var/home/petersen/fedora/haskell/hackage/fbrnch/SRPMS (reported
by kiilerix)
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 30 2023 Jens Petersen <petersen(a)redhat.com> - 1.3.2-11
- https://hackage.haskell.org/package/fbrnch-1.3.2/changelog :
- prompts now support line-editing thanks to simple-prompt-0.2 using haskeline
- 'parallel', 'sort', 'graph': use getDynSourcesMacros
- 'parallel': include no of layers in "more package layers" message
- 'parallel': output sidetag
- 'prep': default to --nodeps
- 'request-branches': output owners (to ask) if no permission
- 'request-branches': committers can also request branches
- 'scratch': print target for srpm build (only)
- 'src-deps': add --define 'MACRO DEF'
- 'update-version': munch spectool patch filenames too
- Bodhi only accepts update notes <= 10000 characters now
- Git refPrompt: also accept y/yes
- Koji targetMaybeSidetag dryrun: do not append "-dryrun" to buildtag
- Merge: newline after local commits
- Package cleanChangelog: append a newline
- https://hackage.haskell.org/package/fbrnch-1.3.1/changelog :
- check for autorelease more carefully
- buildRequires: fix dynamic BRs with getSources and space after /builddir/build/SRPMS
(reported by kiilerix)
--------------------------------------------------------------------------------
================================================================================
rust-git2-0.16.1-1.el9 (FEDORA-EPEL-2023-3ec55f8796)
Bindings to libgit2 for interoperating with git repositories
--------------------------------------------------------------------------------
Update Information:
- Update the git2 crate to version 0.16.1. - Add a compat package for version
0.14 of the git2 crate. - Update the libgit2-sys crate to version 0.14.2. - Add
a compat package for version 0.13 of the libgit2-sys crate.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.16.1-1
- Update to version 0.16.1
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.14.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-git2_0.14-0.14.4-1.el9 (FEDORA-EPEL-2023-3ec55f8796)
Bindings to libgit2 for interoperating with git repositories
--------------------------------------------------------------------------------
Update Information:
- Update the git2 crate to version 0.16.1. - Add a compat package for version
0.14 of the git2 crate. - Update the libgit2-sys crate to version 0.14.2. - Add
a compat package for version 0.13 of the libgit2-sys crate.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.14.4-1
- Initial import (git2 0.14 compat package)
--------------------------------------------------------------------------------
================================================================================
rust-html2text-0.5.1-1.el9 (FEDORA-EPEL-2023-9ce7f6b860)
Render HTML as plain text
--------------------------------------------------------------------------------
Update Information:
Initial packaging of the html2text crate.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.5.1-1
- Initial import (#2209378)
--------------------------------------------------------------------------------
================================================================================
rust-libgit2-sys-0.14.2-1.el9 (FEDORA-EPEL-2023-3ec55f8796)
Native bindings to the libgit2 library
--------------------------------------------------------------------------------
Update Information:
- Update the git2 crate to version 0.16.1. - Add a compat package for version
0.14 of the git2 crate. - Update the libgit2-sys crate to version 0.14.2. - Add
a compat package for version 0.13 of the libgit2-sys crate.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.14.2-1
- Update to version 0.14.2+1.5.1
--------------------------------------------------------------------------------
================================================================================
rust-libgit2-sys0.13-0.13.5-1.el9 (FEDORA-EPEL-2023-3ec55f8796)
Native bindings to the libgit2 library
--------------------------------------------------------------------------------
Update Information:
- Update the git2 crate to version 0.16.1. - Add a compat package for version
0.14 of the git2 crate. - Update the libgit2-sys crate to version 0.14.2. - Add
a compat package for version 0.13 of the libgit2-sys crate.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.13.5-1
- Initial import (libgit2-sys 0.13 compat package)
--------------------------------------------------------------------------------
DT is correct, this change is subject to the EPEL incompatible change
policy. apptainer-suid-1.1.8 by default disables mounting of ext3
filesystems, because of CVE-2023-30549
https://github.com/apptainer/apptainer/security/advisories/GHSA-j4rf-7357-f…
Most users don't use this feature, but a significant minority does.
Apptainer has a non-setuid alternative for the same functionality if
unprivileged user namespaces are available.
The summary of the CVE is that the way that apptainer & singularity
allow mounts of ext3 filesystems in setuid mode raises the severity of
many ext4 filesystem CVEs (ext3 filesystems are implemented by the ext4
driver). OS vendors consider those CVEs to be low or moderate priority
because they assume that users do not have write access to the
underlying bits of the filesystem, but apptainer/singularity setuid mode
gives that access to users by default (before this release of apptainer).
Since vendors don't see urgency to patch low/moderate CVEs, it can take
a very long time for them to patch them and in fact RHEL7 is not patched
for one in particular. All this information came from a reliable source,
the owner of the ext4 kernel driver.
I am sorry to see that I have already done one step too many according
to the incompatible changes policy, and have made the release available
to epel-testing. However, I think it's important to make it available
that way for system administrators to install early. The large High
Energy Physics community that I represent has security teams that want
to be able to notify their site administrators to upgrade to respond to
this high severity CVE, and it would be so much better if the
announcement they send can say to install from epel-testing rather than
having to provide URLs to download from koji.
So, to the EPEL Steering Committee members: must I unpublish this update
from testing, or may I leave it there and send an announcement to
epel-announce that it is there and pending approval by the committee?
The bodhi settings are set so they won't get auto-updated by karma or
time.
And another question: should I submit an epel ticket for this? The
policy doesn't mention that.
Dave
On Wed, Apr 26, 2023 at 09:41:16AM +0100, David Trudgian wrote:
> Subject: Re: apptainer 1.1.8-1 appears to be an incompatible upgrade for apptainer-suid users
>
> Hello,
>
> The maintainer of the apptainer package has submitted updates to version 1.1.8-1 against epel-testing:
>
> https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-18a0e3fa23
> https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-44ff2475c4
> https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-b31211e2ce
>
> I believe that the update should be considered an incompatible upgrade, requiring the incompatible upgrades policy to be followed, as it significantly changes behaviour for users who have the apptainer-setuid sub-package installed.
>
> The update now disallows, by default, workflows that involve ext format container images and overlays:
>
> ```
> # Before update
> $ apptainer exec sif-overlay.sif /bin/date
> Wed Apr 26 09:12:37 BST 2023
>
> # Update to the testing package
> $ sudo dnf update --enablerepo=epel-testing apptainer-suid
>
> # After update
> $ apptainer exec sif-overlay.sif /bin/date
> FATAL: configuration disallows users from mounting SIF extfs partition in setuid mode, try --userns
> ```
>
> I understand that the update is related to a security issue that upstream has published:
>
> CVE-2023-30549 - https://github.com/apptainer/apptainer/security/advisories/GHSA-j4rf-7357-f…
>
> However, I don't think this exempts the update from the incompatible upgrades policy?
>
> I'd also like to note that CVE-2023-30549 is dependent on and potentially a duplicate of CVE-2022-1184, which has been patched in EL8 and EL9, but admittedly not in EL7.
>
> Thanks,
>
> DT
>
>
golang-1.19.6 is now available in epel-testing for EPEL7, an update of a
minor version from 1.18.9. I expect it to be promoted in about a week
unless karma changes that.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ba899b9717
My policy for updating golang in EPEL7 is to follow the updates in RHEL8,
including whatever patches they include. RHEL 8.8 released yesterday
updated to golang-1.19.6.
Dave
The following Fedora EPEL 8 Security updates need testing:
Age URL
74 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1e00c3d01e cutter-re-2.2.0-1.el8 rizin-0.5.1-1.el8
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-52d4a7be15 bitcoin-core-24.1-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
hamlib-4.5.5-1.el8
java-latest-openjdk-20.0.1.0.9-8.rolling.el8
libbgpdump-1.6.2-1.el8
Details about builds:
================================================================================
hamlib-4.5.5-1.el8 (FEDORA-EPEL-2023-291bd83129)
Run-time library to control radio transceivers and receivers
--------------------------------------------------------------------------------
Update Information:
https://github.com/Hamlib/Hamlib/compare/4.5.4...4.5.5
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Richard Shaw <hobbes1069(a)gmail.com> - 4.5.5-1
- Update to 4.5.5.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2184846 - hamlib-4.5.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2184846
--------------------------------------------------------------------------------
================================================================================
java-latest-openjdk-20.0.1.0.9-8.rolling.el8 (FEDORA-EPEL-2023-b6354893cb)
OpenJDK 20 Runtime Environment
--------------------------------------------------------------------------------
Update Information:
Updated the way we build the packages of STS JDK.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 11 2023 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:20.0.1.0.9-8.rolling
- Following JDK-8005165, class data sharing can be enabled on all JIT architectures
* Wed May 10 2023 Severin Gehwolf <sgehwolf(a)redhat.com> - 1:20.0.1.0.9-6.rolling
- Fix packaging of CDS archives
* Fri Apr 28 2023 Jiri Vanek <jvanek(a)redhat.com> - 1:20.0.1.0.9-6.rolling
- faking build-id in libjsvml.so
* Fri Apr 28 2023 Jiri Vanek <jvanek(a)redhat.com> - 1:20.0.1.0.9-5.rolling
- returned news
* Fri Apr 28 2023 Jiri Vanek <jvanek(a)redhat.com> - 1:20.0.1.0.9-4.rolling
- now expecting the exact version in portbale filename
* Fri Apr 28 2023 Jiri Vanek <jvanek(a)redhat.com> - 1:20.0.1.0.9-3.rolling
- updated to 20.0.1.0.9 underlying portables
* Wed Apr 19 2023 Jiri Vanek <jvanek(a)redhat.com> - 1:20.0.0.0.36-3.rolling
- using icons from source package
- providing full sources via src package
- requiring exact version.reelase of portables
- returned libsystemconf.so
* Mon Apr 3 2023 Jiri Vanek <jvanek(a)redhat.com> - 1:20.0.0.0.36-1.rolling
- bumed to jdk20
- removed no loger existing libsystemconf.so
- commented out usage if Source15 TestSecurityProperties.java test, as honoring of
-- system crypto policies comes from fips aptch which is not yet adapted
* Mon Jan 30 2023 Jiri Vanek <jvanek(a)redhat.com> - 1:19.0.2.0.7-5.rolling
- Using icons whcih are now part of the portble tarball
* Mon Jan 30 2023 Jiri Vanek <jvanek(a)redhat.com> - 1:19.0.2.0.7-4.rolling
- repacked bits are now requested in exact version
* Mon Jan 30 2023 Petra Alice Mikova <pmikova(a)redhat.com> - 1:19.0.2.0.7-3.rolling
- return libfreetype.so binary to resolve requires problems
- remove BuildRequires: java-latest-openjdk
--------------------------------------------------------------------------------
================================================================================
libbgpdump-1.6.2-1.el8 (FEDORA-EPEL-2023-72e9000941)
C library for analyzing BGP related dump files
--------------------------------------------------------------------------------
Update Information:
# libbgpdump v1.6.2 * Version fix and `make dist` # libbgpdump v1.6.1 *
Version bump for Github release/tag migration * Use `$(DESTDIR)`, `$(INSTALL)`
and `$(LDFLAGS)` for downstreams * Correct permissions for installed header
files (`*.h`) * Update `Makefile.in` to use `$(DESTDIR)` in the install stanza
* Add `-u` flag to print unknown attributes in oneline (`-m`) mode
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Robert Scheck <robert(a)fedoraproject.org> 1.6.2-1
- Upgrade to 1.6.2 (#2210804)
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6.0-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2210804 - libbgpdump-1.6.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2210804
--------------------------------------------------------------------------------
The following Fedora EPEL 9 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-5521054c04 bitcoin-core-24.1-1.el9
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-26dc71c550 wordpress-6.2.2-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
fluidsynth-2.3.2-2.el9
hamlib-4.5.5-1.el9
java-latest-openjdk-20.0.1.0.9-8.rolling.el9
libXISF-0.2.5-2.el9
libbgpdump-1.6.2-1.el9
python-autopage-0.5.1-1.el9
rust-aho-corasick-1.0.1-2.el9
rust-aho-corasick0.7-0.7.20-1.el9
rust-cbindgen-0.24.5-1.el9
rust-chrono-0.4.25-1.el9
rust-console-0.15.7-1.el9
rust-digest-0.10.7-1.el9
rust-dirs-5.0.1-1.el9
rust-dirs-sys-0.4.1-1.el9
rust-dirs-sys0.3-0.3.7-1.el9
rust-dirs4-4.0.0-1.el9
rust-indicatif-0.17.4-1.el9
rust-matchers-0.1.0-1.el9
rust-once_cell-1.17.2-1.el9
rust-option-ext-0.2.0-1.el9
rust-plist-1.4.3-1.el9
rust-quick-xml-0.28.2-1.el9
rust-quick-xml0.27-0.27.1-1.el9
rust-regex-1.8.3-1.el9
rust-regex-syntax-0.7.2-1.el9
rust-regex-syntax0.6-0.6.29-1.el9
rust-sharded-slab-0.1.4-3.el9
rust-socket2-0.5.3-1.el9
rust-tracing-log-0.1.3-3.el9
rust-tracing-serde-0.1.3-1.el9
rust-tracing-subscriber-0.3.17-1.el9
rust-xml-rs-0.8.13-1.el9
vim-go-1.28-1.el9
Details about builds:
================================================================================
fluidsynth-2.3.2-2.el9 (FEDORA-EPEL-2023-3f6171b6f3)
Real-time software synthesizer
--------------------------------------------------------------------------------
Update Information:
Change dependency for fluidsynth-devel
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Christoph Karl <pampelmuse [AT] gmx [DOT] at> - 2.3.2-2
- Change dependency for fluidsynth-devel
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2204482 - fluidsynth-devel depends on fluidsynth
https://bugzilla.redhat.com/show_bug.cgi?id=2204482
--------------------------------------------------------------------------------
================================================================================
hamlib-4.5.5-1.el9 (FEDORA-EPEL-2023-196a51ef7a)
Run-time library to control radio transceivers and receivers
--------------------------------------------------------------------------------
Update Information:
https://github.com/Hamlib/Hamlib/compare/4.5.4...4.5.5
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Richard Shaw <hobbes1069(a)gmail.com> - 4.5.5-1
- Update to 4.5.5.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2184846 - hamlib-4.5.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2184846
--------------------------------------------------------------------------------
================================================================================
java-latest-openjdk-20.0.1.0.9-8.rolling.el9 (FEDORA-EPEL-2023-370b26e66e)
OpenJDK 20 Runtime Environment
--------------------------------------------------------------------------------
Update Information:
Updated the way we build the packages of STS JDK.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 11 2023 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:20.0.1.0.9-8.rolling
- Following JDK-8005165, class data sharing can be enabled on all JIT architectures
* Wed May 10 2023 Severin Gehwolf <sgehwolf(a)redhat.com> - 1:20.0.1.0.9-6.rolling
- Fix packaging of CDS archives
* Fri Apr 28 2023 Jiri Vanek <jvanek(a)redhat.com> - 1:20.0.1.0.9-6.rolling
- faking build-id in libjsvml.so
* Fri Apr 28 2023 Jiri Vanek <jvanek(a)redhat.com> - 1:20.0.1.0.9-5.rolling
- returned news
* Fri Apr 28 2023 Jiri Vanek <jvanek(a)redhat.com> - 1:20.0.1.0.9-4.rolling
- now expecting the exact version in portbale filename
* Fri Apr 28 2023 Jiri Vanek <jvanek(a)redhat.com> - 1:20.0.1.0.9-3.rolling
- updated to 20.0.1.0.9 underlying portables
* Wed Apr 19 2023 Jiri Vanek <jvanek(a)redhat.com> - 1:20.0.0.0.36-3.rolling
- using icons from source package
- providing full sources via src package
- requiring exact version.reelase of portables
- returned libsystemconf.so
* Mon Apr 3 2023 Jiri Vanek <jvanek(a)redhat.com> - 1:20.0.0.0.36-1.rolling
- bumed to jdk20
- removed no loger existing libsystemconf.so
- commented out usage if Source15 TestSecurityProperties.java test, as honoring of
-- system crypto policies comes from fips aptch which is not yet adapted
* Mon Jan 30 2023 Jiri Vanek <jvanek(a)redhat.com> - 1:19.0.2.0.7-5.rolling
- Using icons whcih are now part of the portble tarball
* Mon Jan 30 2023 Jiri Vanek <jvanek(a)redhat.com> - 1:19.0.2.0.7-4.rolling
- repacked bits are now requested in exact version
* Mon Jan 30 2023 Petra Alice Mikova <pmikova(a)redhat.com> - 1:19.0.2.0.7-3.rolling
- return libfreetype.so binary to resolve requires problems
- remove BuildRequires: java-latest-openjdk
--------------------------------------------------------------------------------
================================================================================
libXISF-0.2.5-2.el9 (FEDORA-EPEL-2023-5024f11718)
Library to load and write XISF format
--------------------------------------------------------------------------------
Update Information:
Update to 0.2.5 and provide pkgconfig file.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Adam Williamson <awilliam(a)redhat.com> - 0.2.5-2
- Backport patches from upstream to fix pkgconfig file
* Sun May 28 2023 Mattia Verga <mattia.verga(a)proton.me> - 0.2.5-1
- Update to 0.2.5 (fedora#2208667)
- Added pkgconfig file
--------------------------------------------------------------------------------
================================================================================
libbgpdump-1.6.2-1.el9 (FEDORA-EPEL-2023-96f19e051d)
C library for analyzing BGP related dump files
--------------------------------------------------------------------------------
Update Information:
# libbgpdump v1.6.2 * Version fix and `make dist` # libbgpdump v1.6.1 *
Version bump for Github release/tag migration * Use `$(DESTDIR)`, `$(INSTALL)`
and `$(LDFLAGS)` for downstreams * Correct permissions for installed header
files (`*.h`) * Update `Makefile.in` to use `$(DESTDIR)` in the install stanza
* Add `-u` flag to print unknown attributes in oneline (`-m`) mode
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Robert Scheck <robert(a)fedoraproject.org> 1.6.2-1
- Upgrade to 1.6.2 (#2210804)
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6.0-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2210804 - libbgpdump-1.6.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2210804
--------------------------------------------------------------------------------
================================================================================
python-autopage-0.5.1-1.el9 (FEDORA-EPEL-2023-0759487e30)
A Python library to provide automatic paging for console output
--------------------------------------------------------------------------------
Update Information:
Add python-autopage package to EPEL 9.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 24 2023 Zane Bitter <zaneb(a)fedoraproject.org> 0.5.1-1
- Initial build for EPEL 9
--------------------------------------------------------------------------------
================================================================================
rust-aho-corasick-1.0.1-2.el9 (FEDORA-EPEL-2023-29e528572d)
Fast multiple substring searching
--------------------------------------------------------------------------------
Update Information:
- Update the regex crate to version 1.8.3. - Update the regex-syntax crate to
version 0.7.2. - Add a compat package for version 0.6 of the regex-syntax crate.
- Update the aho-corasick crate to version 1.0.1. - Add a compat package for
version 0.7 of the aho-corasick crate.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.0.1-2
- Ignore harmless test failures on 32-bit and big-endian architectures
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.0.1-1
- Update to version 1.0.1; Fixes RHBZ#2187506
--------------------------------------------------------------------------------
================================================================================
rust-aho-corasick0.7-0.7.20-1.el9 (FEDORA-EPEL-2023-29e528572d)
Fast multiple substring searching
--------------------------------------------------------------------------------
Update Information:
- Update the regex crate to version 1.8.3. - Update the regex-syntax crate to
version 0.7.2. - Add a compat package for version 0.6 of the regex-syntax crate.
- Update the aho-corasick crate to version 1.0.1. - Add a compat package for
version 0.7 of the aho-corasick crate.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.7.20-1
- Initial import (aho-corasick 0.7 compat package)
--------------------------------------------------------------------------------
================================================================================
rust-cbindgen-0.24.5-1.el9 (FEDORA-EPEL-2023-04e0959213)
Tool for generating C bindings to Rust code
--------------------------------------------------------------------------------
Update Information:
Update to version 0.24.5.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.24.5-1
- Update to version 0.24.5; Fixes RHBZ#2210810
* Sat Feb 4 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.24.3-3
- Rebuild for fixed frame pointer compiler flags in Rust RPM macros
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.24.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-chrono-0.4.25-1.el9 (FEDORA-EPEL-2023-e56273cea2)
Date and time library for Rust
--------------------------------------------------------------------------------
Update Information:
Update to version 0.4.25.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.4.25-1
- Update to version 0.4.25; Fixes RHBZ#2210747
--------------------------------------------------------------------------------
================================================================================
rust-console-0.15.7-1.el9 (FEDORA-EPEL-2023-119ce6cff2)
Terminal and console abstraction for Rust
--------------------------------------------------------------------------------
Update Information:
Update to version 0.15.7.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.15.7-1
- Update to version 0.15.7; Fixes RHBZ#2208887
--------------------------------------------------------------------------------
================================================================================
rust-digest-0.10.7-1.el9 (FEDORA-EPEL-2023-ad7aa7bb27)
Traits for cryptographic hash functions and message authentication codes
--------------------------------------------------------------------------------
Update Information:
Update to version 0.10.7.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.10.7-1
- Update to version 0.10.7; Fixes RHBZ#2155057
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-dirs-5.0.1-1.el9 (FEDORA-EPEL-2023-fe13b3166f)
Platform abstractions for common directories
--------------------------------------------------------------------------------
Update Information:
- Update the dirs crate to version 5.0.1. - Update the dirs-sys crate to version
0.4.1. - Add a compat package for version 4 of the dirs crate. - Add a compat
package for version 0.3 of the dirs-sys crate. - Initial packaging of the
option-ext crate.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 5.0.1-1
- Update to version 5.0.1; Fixes RHBZ#2179647
* Thu May 25 2023 Fabio Valentini <decathorpe(a)gmail.com> - 4.0.0-5
- Regenerate with rust2rpm v24
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-dirs-sys-0.4.1-1.el9 (FEDORA-EPEL-2023-fe13b3166f)
System-level helper functions for the dirs and directories crates
--------------------------------------------------------------------------------
Update Information:
- Update the dirs crate to version 5.0.1. - Update the dirs-sys crate to version
0.4.1. - Add a compat package for version 4 of the dirs crate. - Add a compat
package for version 0.3 of the dirs-sys crate. - Initial packaging of the
option-ext crate.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.4.1-1
- Update to version 0.4.1; Fixes RHBZ#2175300
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-dirs-sys0.3-0.3.7-1.el9 (FEDORA-EPEL-2023-fe13b3166f)
System-level helper functions for the dirs and directories crates
--------------------------------------------------------------------------------
Update Information:
- Update the dirs crate to version 5.0.1. - Update the dirs-sys crate to version
0.4.1. - Add a compat package for version 4 of the dirs crate. - Add a compat
package for version 0.3 of the dirs-sys crate. - Initial packaging of the
option-ext crate.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.3.7-1
- Initial import (dirs-sys 0.3 compat package)
--------------------------------------------------------------------------------
================================================================================
rust-dirs4-4.0.0-1.el9 (FEDORA-EPEL-2023-fe13b3166f)
Platform abstractions for common directories
--------------------------------------------------------------------------------
Update Information:
- Update the dirs crate to version 5.0.1. - Update the dirs-sys crate to version
0.4.1. - Add a compat package for version 4 of the dirs crate. - Add a compat
package for version 0.3 of the dirs-sys crate. - Initial packaging of the
option-ext crate.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 4.0.0-1
- Initial import (dirs 4 compat package)
--------------------------------------------------------------------------------
================================================================================
rust-indicatif-0.17.4-1.el9 (FEDORA-EPEL-2023-b9708a8c74)
Progress bar and cli reporting library for Rust
--------------------------------------------------------------------------------
Update Information:
Update to version 0.17.4.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.17.4-1
- Update to version 0.17.4; Fixes RHBZ#2210712
--------------------------------------------------------------------------------
================================================================================
rust-matchers-0.1.0-1.el9 (FEDORA-EPEL-2023-f0e6fc0c25)
Regex matching on character and byte streams
--------------------------------------------------------------------------------
Update Information:
Import of the packages for the tracing-subscriber, tracing-log, tracing-serde,
sharded-slab, and matchers crates into EPEL 9.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 20 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.1.0-1
- Initial import (#2187798)
--------------------------------------------------------------------------------
================================================================================
rust-once_cell-1.17.2-1.el9 (FEDORA-EPEL-2023-409bc9b83f)
Single assignment cells and lazy values
--------------------------------------------------------------------------------
Update Information:
Update to version 1.17.2.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Jan Stan��k <jstanek(a)redhat.com> - 1.17.2-1
- Update to version 1.17.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2210760 - rust-once_cell-1.17.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2210760
--------------------------------------------------------------------------------
================================================================================
rust-option-ext-0.2.0-1.el9 (FEDORA-EPEL-2023-fe13b3166f)
Extends Option with additional operations
--------------------------------------------------------------------------------
Update Information:
- Update the dirs crate to version 5.0.1. - Update the dirs-sys crate to version
0.4.1. - Add a compat package for version 4 of the dirs crate. - Add a compat
package for version 0.3 of the dirs-sys crate. - Initial packaging of the
option-ext crate.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.2.0-1
- Initial import (#2210816)
--------------------------------------------------------------------------------
================================================================================
rust-plist-1.4.3-1.el9 (FEDORA-EPEL-2023-98a322869e)
Rusty plist parser
--------------------------------------------------------------------------------
Update Information:
- Update the plist crate to version 1.4.3. - Update the quick-xml crate to
version 0.28.2. - Add a compat package for version 0.27 of the quick-xml crate.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.4.3-1
- Update to version 1.4.3; Fixes RHBZ#2179640
--------------------------------------------------------------------------------
================================================================================
rust-quick-xml-0.28.2-1.el9 (FEDORA-EPEL-2023-98a322869e)
High performance xml reader and writer
--------------------------------------------------------------------------------
Update Information:
- Update the plist crate to version 1.4.3. - Update the quick-xml crate to
version 0.28.2. - Add a compat package for version 0.27 of the quick-xml crate.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.28.2-1
- Update to version 0.28.2; Fixes RHBZ#2177831
--------------------------------------------------------------------------------
================================================================================
rust-quick-xml0.27-0.27.1-1.el9 (FEDORA-EPEL-2023-98a322869e)
High performance xml reader and writer
--------------------------------------------------------------------------------
Update Information:
- Update the plist crate to version 1.4.3. - Update the quick-xml crate to
version 0.28.2. - Add a compat package for version 0.27 of the quick-xml crate.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.27.1-1
- Initial import (quick-xml 0.27 compat package)
--------------------------------------------------------------------------------
================================================================================
rust-regex-1.8.3-1.el9 (FEDORA-EPEL-2023-29e528572d)
Implementation of regular expressions for Rust
--------------------------------------------------------------------------------
Update Information:
- Update the regex crate to version 1.8.3. - Update the regex-syntax crate to
version 0.7.2. - Add a compat package for version 0.6 of the regex-syntax crate.
- Update the aho-corasick crate to version 1.0.1. - Add a compat package for
version 0.7 of the aho-corasick crate.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.8.3-1
- Update to version 1.8.3; Fixes RHBZ#2188500
--------------------------------------------------------------------------------
================================================================================
rust-regex-syntax-0.7.2-1.el9 (FEDORA-EPEL-2023-29e528572d)
Regular expression parser
--------------------------------------------------------------------------------
Update Information:
- Update the regex crate to version 1.8.3. - Update the regex-syntax crate to
version 0.7.2. - Add a compat package for version 0.6 of the regex-syntax crate.
- Update the aho-corasick crate to version 1.0.1. - Add a compat package for
version 0.7 of the aho-corasick crate.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.7.2-1
- Update to version 0.7.2; Fixes RHBZ#2188501
--------------------------------------------------------------------------------
================================================================================
rust-regex-syntax0.6-0.6.29-1.el9 (FEDORA-EPEL-2023-29e528572d)
Regular expression parser
--------------------------------------------------------------------------------
Update Information:
- Update the regex crate to version 1.8.3. - Update the regex-syntax crate to
version 0.7.2. - Add a compat package for version 0.6 of the regex-syntax crate.
- Update the aho-corasick crate to version 1.0.1. - Add a compat package for
version 0.7 of the aho-corasick crate.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.6.29-1
- Initial import (regex-syntax 0.6 compat package)
--------------------------------------------------------------------------------
================================================================================
rust-sharded-slab-0.1.4-3.el9 (FEDORA-EPEL-2023-f0e6fc0c25)
Lock-free concurrent slab
--------------------------------------------------------------------------------
Update Information:
Import of the packages for the tracing-subscriber, tracing-log, tracing-serde,
sharded-slab, and matchers crates into EPEL 9.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.1.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.1.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu May 5 2022 Fabio Valentini <decathorpe(a)gmail.com> - 0.1.4-1
- Initial import (#2051039)
--------------------------------------------------------------------------------
================================================================================
rust-socket2-0.5.3-1.el9 (FEDORA-EPEL-2023-5a46db1602)
Utilities for handling networking sockets
--------------------------------------------------------------------------------
Update Information:
Update to version 0.5.3.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.5.3-1
- Update to version 0.5.3; Fixes RHBZ#2203389
--------------------------------------------------------------------------------
================================================================================
rust-tracing-log-0.1.3-3.el9 (FEDORA-EPEL-2023-f0e6fc0c25)
Provides compatibility between tracing and the log crate
--------------------------------------------------------------------------------
Update Information:
Import of the packages for the tracing-subscriber, tracing-log, tracing-serde,
sharded-slab, and matchers crates into EPEL 9.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.1.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu May 5 2022 Fabio Valentini <decathorpe(a)gmail.com> - 0.1.3-1
- Initial import (#2051037)
--------------------------------------------------------------------------------
================================================================================
rust-tracing-serde-0.1.3-1.el9 (FEDORA-EPEL-2023-f0e6fc0c25)
Compatibility layer for serializing trace data with serde
--------------------------------------------------------------------------------
Update Information:
Import of the packages for the tracing-subscriber, tracing-log, tracing-serde,
sharded-slab, and matchers crates into EPEL 9.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 21 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.1.3-1
- Initial import (#2187791)
--------------------------------------------------------------------------------
================================================================================
rust-tracing-subscriber-0.3.17-1.el9 (FEDORA-EPEL-2023-f0e6fc0c25)
Utilities for implementing and composing tracing subscribers
--------------------------------------------------------------------------------
Update Information:
Import of the packages for the tracing-subscriber, tracing-log, tracing-serde,
sharded-slab, and matchers crates into EPEL 9.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.3.17-1
- Initial import (#2187797)
--------------------------------------------------------------------------------
================================================================================
rust-xml-rs-0.8.13-1.el9 (FEDORA-EPEL-2023-63d1a1b69f)
XML library in pure Rust
--------------------------------------------------------------------------------
Update Information:
Update to version 0.8.13.
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.8.13-1
- Update to version 0.8.13; Fixes RHBZ#2209160
--------------------------------------------------------------------------------
================================================================================
vim-go-1.28-1.el9 (FEDORA-EPEL-2023-4a97e7705a)
Go development plugin for Vim
--------------------------------------------------------------------------------
Update Information:
Changelog: https://github.com/fatih/vim-
go/blob/9b6c5a66a1305179e9b130a8074d05973ea57315/CHANGELOG.md#v128---
december-17-2022
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 29 2023 Nikola Forr�� <nforro(a)redhat.com> - 1.28-1
- Update to 1.28
Resolves: #2208452
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2208452 - Please update vim-go to 1.28 in epel9
https://bugzilla.redhat.com/show_bug.cgi?id=2208452
--------------------------------------------------------------------------------
The following Fedora EPEL 8 Security updates need testing:
Age URL
73 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1e00c3d01e cutter-re-2.2.0-1.el8 rizin-0.5.1-1.el8
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-52d4a7be15 bitcoin-core-24.1-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
distribution-gpg-keys-1.88-1.el8
lua-readline-3.3-1.el8
python-paramiko-2.12.0-1.el8
Details about builds:
================================================================================
distribution-gpg-keys-1.88-1.el8 (FEDORA-EPEL-2023-dbd2a9c948)
GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:
- update copr keys - add per distro/version link to proper key for remi - update
brave keys - add Docker key - add mullvad key
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 28 2023 Miroslav Such�� <msuchy(a)redhat.com> 1.88-1
- update copr keys
- add per distro/version link to proper key for remi
- update brave keys
- add Docker key
- add mullvad key
--------------------------------------------------------------------------------
================================================================================
lua-readline-3.3-1.el8 (FEDORA-EPEL-2023-0d3b83188b)
Lua interface to the readline and history libraries
--------------------------------------------------------------------------------
Update Information:
- Update to 3.3 (#2185584) - Upstream change: return `nil` if `ctrl-D` is
first char
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 28 2023 Robert Scheck <robert(a)fedoraproject.org> 3.3-1
- Update to 3.3 (#2185584)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2185584 - lua-readline-3.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2185584
--------------------------------------------------------------------------------
================================================================================
python-paramiko-2.12.0-1.el8 (FEDORA-EPEL-2023-294cf22ce7)
SSH2 protocol library for python
--------------------------------------------------------------------------------
Update Information:
Update to 2.12.0 for EL9 compatibility
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 6 2022 Paul Howarth <paul(a)city-fan.org> - 2.12.0-1
- Update to 2.12.0 (rhbz#2140281)
- Add a 'transport_factory' kwarg to 'SSHClient.connect' for advanced users
to gain more control over early Transport setup and manipulation (GH#2054,
GH#2125)
- Update '~paramiko.client.SSHClient' so it explicitly closes its wrapped
socket object upon encountering socket errors at connection time; this
should help somewhat with certain classes of memory leaks, resource
warnings, and/or errors (though we hasten to remind everyone that Client
and Transport have their own '.close()' methods for use in non-error
situations!) (GH#1822)
- Raise '~paramiko.ssh_exception.SSHException' explicitly when blank private
key data is loaded, instead of the natural result of 'IndexError'; this
should help more bits of Paramiko or Paramiko-adjacent codebases to
correctly handle this class of error (GH#1599, GH#1637)
- Use SPDX-format license tag
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.11.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jun 14 2022 Python Maint <python-maint(a)redhat.com> - 2.11.0-2
- Rebuilt for Python 3.11
* Tue May 17 2022 Paul Howarth <paul(a)city-fan.org> - 2.11.0-1
- Update to 2.11.0
- Align signature verification algorithm with OpenSSH re: zero-padding
signatures that don't match their nominal size/length; this shouldn't
affect most users, but will help Paramiko-implemented SSH servers handle
poorly behaved clients such as PuTTY (GH#1933)
- OpenSSH 7.7 and older has a bug preventing it from understanding how to
perform SHA2 signature verification for RSA certificates (specifically
certs - not keys), so when we added SHA2 support it broke all clients using
RSA certificates with these servers; this has been fixed in a manner similar
to what OpenSSH's own client does - a version check is performed and the
algorithm used is downgraded if needed (GH#2017)
- Recent versions of Cryptography have deprecated Blowfish algorithm support;
in lieu of an easy method for users to remove it from the list of
algorithms Paramiko tries to import and use, we've decided to remove it
from our "preferred algorithms" list, which will both discourage use of a
weak algorithm, and avoid warnings (GH#2038, GH#2039)
- Windows-native SSH agent support as merged in 2.10 could encounter
'Errno 22' 'OSError' exceptions in some scenarios (e.g. server not cleanly
closing a relevant named pipe); this has been worked around and should be
less problematic (GH#2008, GH#2010)
- Add SSH config token expansion (eg '%h', '%p') when parsing 'ProxyJump'
directives (GH#1951)
- Apply unittest 'skipIf' to tests currently using SHA1 in their critical
path, to avoid failures on systems starting to disable SHA1 outright in
their crypto backends (e.g. RHEL 9) (GH#2004, GH#2011)
* Tue Apr 26 2022 Paul Howarth <paul(a)city-fan.org> - 2.10.4-1
- Update to 2.10.4
- Update 'camelCase' method calls against the 'threading' module to be
'snake_case'; this and related tweaks should fix some deprecation warnings
under Python 3.10 (GH#1838, GH#1870, GH#2028)
- '~paramiko.pkey.PKey' instances' '__eq__' did not have the usual safety
guard in place to ensure they were being compared to another 'PKey' object,
causing occasional spurious 'BadHostKeyException', among other things
(GH#1964, GH#2023, GH#2024)
- Servers offering certificate variants of hostkey algorithms (e.g.
'ssh-rsa-cert-v01(a)openssh.com') could not have their host keys verified by
Paramiko clients, as it only ever considered non-cert key types for that
part of connection handshaking (GH#2035)
* Mon Mar 21 2022 Paul Howarth <paul(a)city-fan.org> - 2.10.3-2
- Skip tests that would fail without SHA-1 signing support in backend, such as
on EL-9 (GH#2011)
* Sat Mar 19 2022 Paul Howarth <paul(a)city-fan.org> - 2.10.3-1
- Update to 2.10.3
- Certificate-based pubkey auth was inadvertently broken when adding SHA2
support in version 2.9.0 (GH#1963, GH#1977)
- Switch from module-global to thread-local storage when recording thread IDs
for a logging helper; this should avoid one flavor of memory leak for
long-running processes (GH#2002, GH#2003)
* Tue Mar 15 2022 Paul Howarth <paul(a)city-fan.org> - 2.10.2-1
- Update to 2.10.2
- Fix Python 2 compatibility breakage introduced in 2.10.1 (GH#2001)
- Re-enable sftp tests, no longer failing under mock
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2190476 - paramiko 2.4.3 cannot auth with RSA keypairs to RHEL 9 servers
https://bugzilla.redhat.com/show_bug.cgi?id=2190476
--------------------------------------------------------------------------------