Fedora EPEL 9 updates-testing report
by updates@fedoraproject.org
The following Fedora EPEL 9 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-d573bf038f plantuml-1.2023.11-2.el9
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-09cc239fe3 chromium-117.0.5938.92-2.el9
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-93ac846983 xrdp-0.9.23.1-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
clustershell-1.9.2-1.el9
composer-2.6.4-1.el9
fedora-license-data-1.31-1.el9
packit-0.82.0-1.el9
python-url-normalize-1.4.3-1.el9
pythoncapi-compat-0^20230929git671fb69-1.el9
Details about builds:
================================================================================
clustershell-1.9.2-1.el9 (FEDORA-EPEL-2023-f098c37044)
Python framework for efficient cluster administration
--------------------------------------------------------------------------------
Update Information:
Update to upstream release 1.9.2
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 29 2023 Stephane Thiell <sthiell(a)stanford.edu> 1.9.2-1
- update to 1.9.2
--------------------------------------------------------------------------------
================================================================================
composer-2.6.4-1.el9 (FEDORA-EPEL-2023-9791f0b66c)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 2.6.4** - 2023-09-29 * Security: Fixed possible remote code
execution vulnerability if composer.phar is publicly accessible, executable as
PHP, and register_argc_argv is enabled in php.ini (GHSA-jm6m-4632-36hf /
**CVE-2023-43655**) * Fixed json output of abandoned packages in audit command
(#11647) * Performance improvement in pool optimization step (#11638) *
Performance improvement in `show -a <packagename>` (#11659)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 29 2023 Remi Collet <remi(a)remirepo.net> - 2.6.4-1
- update to 2.6.4
--------------------------------------------------------------------------------
================================================================================
fedora-license-data-1.31-1.el9 (FEDORA-EPEL-2023-cde92b8269)
Fedora Linux license data
--------------------------------------------------------------------------------
Update Information:
Automatic update for fedora-license-data-1.31-1.el9. ##### **Changelog for
fedora-license-data** ``` * Fri Sep 29 2023 Miroslav Such�� <msuchy(a)redhat.com>
1.31-1 - new license: GPL-2.0-or-later WITH Autoconf-exception-macro - new
license: LGPL-3.0-or-later WITH Autoconf-exception-macro - new license: HPND-
export-US-modify - Add a public domain dedication from the SWORD Project - Add
LPPL-1.2 as not-allowed, add LPPL-1.3a+ as allowed - new license: LGPL-2.1-only
WITH Qt-LGPL-exception-1.1 - new license: SGI-OpenGL - Add jhash public domain
dedication for QEMU - Add QEMU to the rijndael (AES) public domain license
reference - new license: SSH-short - new license: GPL-2.0-or-later WITH UBDL-
exception - new license: McPhee-slideshow - new license: HPND-DEC - new license:
magaz - new license: ulem - new license: fwlw - new license: Kastrup - Fix names
of Linux-syscall-note TOML files - Add reference to EDK2 package public domain
code - new license: HPND-sell-regexpr - new license: Cronyx - new license:
Lucida-Bitmap-Fonts - new license: LPPL-1.3c - new license: swrule - new
license: BSD-Inferno-Nettverk - Some code in OpenSSH has a Public Domain license
- new license: ssh-keyscan - new license: HPND-Pbmplus - Add public domain text
from mingw-headers/mingw-winpthreads packages - Add public domain test from
Augeas project - new license: BSD-Attribution-HPND-disclaimer - new not allowed
license: LicenseRef-Tyrian - Add public domain entry for squid ```
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 29 2023 Miroslav Such�� <msuchy(a)redhat.com> 1.31-1
- new license: GPL-2.0-or-later WITH Autoconf-exception-macro
- new license: LGPL-3.0-or-later WITH Autoconf-exception-macro
- new license: HPND-export-US-modify
- Add a public domain dedication from the SWORD Project
- Add LPPL-1.2 as not-allowed, add LPPL-1.3a+ as allowed
- new license: LGPL-2.1-only WITH Qt-LGPL-exception-1.1
- new license: SGI-OpenGL
- Add jhash public domain dedication for QEMU
- Add QEMU to the rijndael (AES) public domain license reference
- new license: SSH-short
- new license: GPL-2.0-or-later WITH UBDL-exception
- new license: McPhee-slideshow
- new license: HPND-DEC
- new license: magaz
- new license: ulem
- new license: fwlw
- new license: Kastrup
- Fix names of Linux-syscall-note TOML files
- Add reference to EDK2 package public domain code
- new license: HPND-sell-regexpr
- new license: Cronyx
- new license: Lucida-Bitmap-Fonts
- new license: LPPL-1.3c
- new license: swrule
- new license: BSD-Inferno-Nettverk
- Some code in OpenSSH has a Public Domain license
- new license: ssh-keyscan
- new license: HPND-Pbmplus
- Add public domain text from mingw-headers/mingw-winpthreads packages
- Add public domain test from Augeas project
- new license: BSD-Attribution-HPND-disclaimer
- new not allowed license: LicenseRef-Tyrian
- Add public domain entry for squid
--------------------------------------------------------------------------------
================================================================================
packit-0.82.0-1.el9 (FEDORA-EPEL-2023-f2e1fb408e)
A tool for integrating upstream projects with Fedora operating system
--------------------------------------------------------------------------------
Update Information:
Automatic update for packit-0.82.0-1.el9. ##### **Changelog for packit** ``` *
Fri Sep 29 2023 Packit <hello(a)packit.dev> - 0.82.0-1 - You can now specify bugs
resolved by an update by `-b` or `--resolve-bug` option for `propose-downstream`
and `pull-from-upstream` commands. The values will be added by default to the
changelog and commit message and provided in `commit-message` and `changelog-
entry` actions as `PACKIT_RESOLVED_BUGS` env variable. (#2094) - Resolves
rhbz#2240355 * Sat Sep 23 2023 Packit <hello(a)packit.dev> - 0.81.0-1 - Packit
now supports the `pkg_tool` option in the config (at the top-level or with
specific packages when using the monorepo syntax). This option can be used for
switching between `fedpkg` or `centpkg`. (#2085) - When updating the `Version`
tag during `propose_downstream` or `pull_from_upstream`, Packit now tries to
update referenced macros (if any) rather than overwriting the references.
(#2087) - If you have concerns about Packit uploading new archives to lookaside
cache before creating a pull request, you can newly set `upload_sources` to
False to disable this. (#2086) - We have fixed a bug that could cause duplicit
PRs to be created when using the `commit-message` action. (#2080) - Packit now
supports `commit-message` action that can be used to override the default commit
message produced by Packit during `propose-downstream` or `pull-from-upstream`.
Please pay attention to our
[documentation](https://packit.dev/docs/configuration/actions#commit-message)
with regards to the usage of this action. (#2070) ``` ---- Automatic update
for packit-0.81.0-1.el9. ##### **Changelog for packit** ``` * Sat Sep 23 2023
Packit <hello(a)packit.dev> - 0.81.0-1 - Packit now supports the `pkg_tool` option
in the config (at the top-level or with specific packages when using the
monorepo syntax). This option can be used for switching between `fedpkg` or
`centpkg`. (#2085) - When updating the `Version` tag during `propose_downstream`
or `pull_from_upstream`, Packit now tries to update referenced macros (if any)
rather than overwriting the references. (#2087) - If you have concerns about
Packit uploading new archives to lookaside cache before creating a pull request,
you can newly set `upload_sources` to False to disable this. (#2086) - We have
fixed a bug that could cause duplicit PRs to be created when using the `commit-
message` action. (#2080) - Packit now supports `commit-message` action that can
be used to override the default commit message produced by Packit during
`propose-downstream` or `pull-from-upstream`. Please pay attention to our
[documentation](https://packit.dev/docs/configuration/actions#commit-message)
with regards to the usage of this action. (#2070) ```
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 29 2023 Packit <hello(a)packit.dev> - 0.82.0-1
- You can now specify bugs resolved by an update by `-b` or `--resolve-bug` option for `propose-downstream` and `pull-from-upstream` commands. The values will be added by default to the changelog and commit message and provided in `commit-message` and `changelog-entry` actions as `PACKIT_RESOLVED_BUGS` env variable. (#2094)
- Resolves rhbz#2240355
* Sat Sep 23 2023 Packit <hello(a)packit.dev> - 0.81.0-1
- Packit now supports the `pkg_tool` option in the config (at the top-level or with specific packages when using the monorepo syntax). This option can be used for switching between `fedpkg` or `centpkg`. (#2085)
- When updating the `Version` tag during `propose_downstream` or `pull_from_upstream`, Packit now tries to update referenced macros (if any) rather than overwriting the references. (#2087)
- If you have concerns about Packit uploading new archives to lookaside cache before creating a pull request, you can newly set `upload_sources` to False to disable this. (#2086)
- We have fixed a bug that could cause duplicit PRs to be created when using the `commit-message` action. (#2080)
- Packit now supports `commit-message` action that can be used to override the default commit message produced by Packit during `propose-downstream` or `pull-from-upstream`. Please pay attention to our [documentation](https://packit.dev/docs/configuration/actions#commit-message) with regards to the usage of this action. (#2070)
--------------------------------------------------------------------------------
================================================================================
python-url-normalize-1.4.3-1.el9 (FEDORA-EPEL-2023-5d464fd883)
Python URI normalizator
--------------------------------------------------------------------------------
Update Information:
initial specfile
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 29 2023 Andrew Bauer <zonexpertconsulting(a)outlook.com> - 1.4.3-1
- initial specfile
- 1.4.3 release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2240783 - Review Request: python-url-normalize - Python URI normalizator
https://bugzilla.redhat.com/show_bug.cgi?id=2240783
--------------------------------------------------------------------------------
================================================================================
pythoncapi-compat-0^20230929git671fb69-1.el9 (FEDORA-EPEL-2023-932a4f0b7e)
Python C API compatibility
--------------------------------------------------------------------------------
Update Information:
Update to `0^20230929git671fb69` - Adds `PyObject_HasAttrWithError()` and
`PyObject_HasAttrStringWithError()` functions. - Fixes
`PyObject_GetOptionalAttrString()`: set result to `NULL` on error.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 29 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0^20230929git671fb69-1
- Update to 0^20230929git671fb69
- Adds PyObject_HasAttrWithError() and PyObject_HasAttrStringWithError()
functions.
- Fixes PyObject_GetOptionalAttrString(): set result to NULL on error.
--------------------------------------------------------------------------------