September 2023 - epel-devel - Fedora Mailing-Lists

Proposed incompatible security update for llhttp in EPEL9

by Ben Beasley

This email proposes upgrading the llhttp package in EPEL9 from 6.0.10 to 8.1.1, which would break the ABI and bump the SONAME version, under the EPEL Incompatible Upgrades Policy[1]. The llhttp package is a C library (transpiled from TypeScript) that provides the low-level HTTP support for NodeJS and for python-aiohttp. Currently, only python-aiohttp depends on the llhttp package in EPEL9. Versions of llhttp prior to 8.1.1 are affected by CVE-2023-30589[2], an HTTP request smuggling vulnerability rated 7.7 HIGH in CVSS v3 and rated Moderate by Red Hat. The GitHub advisory for llhttp is GHSA-cggh-pq45-6h9x[3]; the advisory for python-aiohttp is GHSA-45c4-8wx5-qw6w[4]. Upstream for python-aiohttp fixed this by updating llhttp (which they bundle, but we unbundle) in release 3.8.5. I am not comfortable attempting to backport the fix to an older release of llhttp. My preferred solution would be to update llhttp to 8.1.1[5] and (in the same side tag) update python-aiohttp to 3.8.5[6]. The ABI break in llhttp would only affect python-aiohttp; the python-aiohttp update itself is compatible (by upstream intent, and verified in COPR[7]); and a number of packages that depend on python-aiohttp would benefit from the fix. If this exception request is not approved, my fallback plan is to propose rebuilding python-aiohttp in EPEL9 with AIOHTTP_NO_EXTENSIONS=1, which would convert it to a pure-Python package. This is a documented mitigation, but comes with potentially serious performance regressions, again affecting a number of dependent packages. The llhttp package would become a leaf package and would remain unpatched. The same incompatible update was approved by FESCo for Fedora 37[8]. The purpose of this email is to document and explain the proposed update, to begin the minimum one-week discussion period mandated by the EPEL Incompatible Upgrades Policy, and to request that the update be added to the agenda for an upcoming EPEL meeting. [1] https://docs.fedoraproject.org/en-US/epel/epel-policy-incompatible-upgrad... [2] https://access.redhat.com/security/cve/CVE-2023-30589 [3] https://github.com/advisories/GHSA-cggh-pq45-6h9x [4] https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w [5] https://src.fedoraproject.org/rpms/llhttp/pull-request/14 [6] https://src.fedoraproject.org/rpms/python-aiohttp/pull-request/26 [7] https://copr.fedorainfracloud.org/coprs/music/aiohttp-epel9/packages/ [8] https://pagure.io/fesco/issue/3049

4 months, 3 weeks

3
6
0 / 0

retirement of klee from EPEL 9

by Carl George

It recently came to my attention that the klee package in EPEL 9 needed to be rebuilt against the LLVM 15 library that shipped in RHEL 9.2. I filed a bug for this [0], and then noticed it was assigned to "Orphan Owner". It looks like the maintainer retired it from Fedora [1][2] due the upstream not being compatible with LLVM 15 [3]. I am not the maintainer of this package, but I intend to retire this package from EPEL 9 to avoid having a package with installation issue lingering around. The EPEL retirement policy [4] doesn't cover this exact scenario, so I plan to bring it up for discussion at the next EPEL Steering Committee meeting. We could delay the retirement for one week (the policy for security-related retirements) or two weeks (the policy for lack-of-time retirements), but my preference would be to retire it ASAP. [0] https://bugzilla.redhat.com/show_bug.cgi?id=2241277 [1] https://src.fedoraproject.org/rpms/klee/c/35fdedce2021112b996a9d38bf3e93c... [2] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.o... [3] https://github.com/klee/klee/pull/1648 [4] https://docs.fedoraproject.org/en-US/epel/epel-policy-retirement/ -- Carl George

6 months, 2 weeks

4
4
0 / 0

Fedora EPEL 8 updates-testing report

by updates＠fedoraproject.org

The following Fedora EPEL 8 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-49fe68774a plantuml-1.2023.11-1.el8 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9abc3565b5 chromium-117.0.5938.92-2.el8 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-27c714a6a4 xrdp-0.9.23.1-1.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing clustershell-1.9.2-1.el8 fedora-license-data-1.31-1.el8 Details about builds: ================================================================================ clustershell-1.9.2-1.el8 (FEDORA-EPEL-2023-b0fd443313) Python framework for efficient cluster administration -------------------------------------------------------------------------------- Update Information: Update to upstream release 1.9.2 -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 29 2023 Stephane Thiell <sthiell(a)stanford.edu> 1.9.2-1 - update to 1.9.2 -------------------------------------------------------------------------------- ================================================================================ fedora-license-data-1.31-1.el8 (FEDORA-EPEL-2023-fa62323883) Fedora Linux license data -------------------------------------------------------------------------------- Update Information: Automatic update for fedora-license-data-1.31-1.el8. ##### **Changelog for fedora-license-data** ``` * Fri Sep 29 2023 Miroslav Such�� <msuchy(a)redhat.com> 1.31-1 - new license: GPL-2.0-or-later WITH Autoconf-exception-macro - new license: LGPL-3.0-or-later WITH Autoconf-exception-macro - new license: HPND- export-US-modify - Add a public domain dedication from the SWORD Project - Add LPPL-1.2 as not-allowed, add LPPL-1.3a+ as allowed - new license: LGPL-2.1-only WITH Qt-LGPL-exception-1.1 - new license: SGI-OpenGL - Add jhash public domain dedication for QEMU - Add QEMU to the rijndael (AES) public domain license reference - new license: SSH-short - new license: GPL-2.0-or-later WITH UBDL- exception - new license: McPhee-slideshow - new license: HPND-DEC - new license: magaz - new license: ulem - new license: fwlw - new license: Kastrup - Fix names of Linux-syscall-note TOML files - Add reference to EDK2 package public domain code - new license: HPND-sell-regexpr - new license: Cronyx - new license: Lucida-Bitmap-Fonts - new license: LPPL-1.3c - new license: swrule - new license: BSD-Inferno-Nettverk - Some code in OpenSSH has a Public Domain license - new license: ssh-keyscan - new license: HPND-Pbmplus - Add public domain text from mingw-headers/mingw-winpthreads packages - Add public domain test from Augeas project - new license: BSD-Attribution-HPND-disclaimer - new not allowed license: LicenseRef-Tyrian - Add public domain entry for squid ``` -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 29 2023 Miroslav Such�� <msuchy(a)redhat.com> 1.31-1 - new license: GPL-2.0-or-later WITH Autoconf-exception-macro - new license: LGPL-3.0-or-later WITH Autoconf-exception-macro - new license: HPND-export-US-modify - Add a public domain dedication from the SWORD Project - Add LPPL-1.2 as not-allowed, add LPPL-1.3a+ as allowed - new license: LGPL-2.1-only WITH Qt-LGPL-exception-1.1 - new license: SGI-OpenGL - Add jhash public domain dedication for QEMU - Add QEMU to the rijndael (AES) public domain license reference - new license: SSH-short - new license: GPL-2.0-or-later WITH UBDL-exception - new license: McPhee-slideshow - new license: HPND-DEC - new license: magaz - new license: ulem - new license: fwlw - new license: Kastrup - Fix names of Linux-syscall-note TOML files - Add reference to EDK2 package public domain code - new license: HPND-sell-regexpr - new license: Cronyx - new license: Lucida-Bitmap-Fonts - new license: LPPL-1.3c - new license: swrule - new license: BSD-Inferno-Nettverk - Some code in OpenSSH has a Public Domain license - new license: ssh-keyscan - new license: HPND-Pbmplus - Add public domain text from mingw-headers/mingw-winpthreads packages - Add public domain test from Augeas project - new license: BSD-Attribution-HPND-disclaimer - new not allowed license: LicenseRef-Tyrian - Add public domain entry for squid --------------------------------------------------------------------------------

7 months

1
0
0 / 0

Fedora EPEL 9 updates-testing report

by updates＠fedoraproject.org

The following Fedora EPEL 9 Security updates need testing: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-d573bf038f plantuml-1.2023.11-2.el9 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-09cc239fe3 chromium-117.0.5938.92-2.el9 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-93ac846983 xrdp-0.9.23.1-1.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing clustershell-1.9.2-1.el9 composer-2.6.4-1.el9 fedora-license-data-1.31-1.el9 packit-0.82.0-1.el9 python-url-normalize-1.4.3-1.el9 pythoncapi-compat-0^20230929git671fb69-1.el9 Details about builds: ================================================================================ clustershell-1.9.2-1.el9 (FEDORA-EPEL-2023-f098c37044) Python framework for efficient cluster administration -------------------------------------------------------------------------------- Update Information: Update to upstream release 1.9.2 -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 29 2023 Stephane Thiell <sthiell(a)stanford.edu> 1.9.2-1 - update to 1.9.2 -------------------------------------------------------------------------------- ================================================================================ composer-2.6.4-1.el9 (FEDORA-EPEL-2023-9791f0b66c) Dependency Manager for PHP -------------------------------------------------------------------------------- Update Information: **Version 2.6.4** - 2023-09-29 * Security: Fixed possible remote code execution vulnerability if composer.phar is publicly accessible, executable as PHP, and register_argc_argv is enabled in php.ini (GHSA-jm6m-4632-36hf / **CVE-2023-43655**) * Fixed json output of abandoned packages in audit command (#11647) * Performance improvement in pool optimization step (#11638) * Performance improvement in `show -a <packagename>` (#11659) -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 29 2023 Remi Collet <remi(a)remirepo.net> - 2.6.4-1 - update to 2.6.4 -------------------------------------------------------------------------------- ================================================================================ fedora-license-data-1.31-1.el9 (FEDORA-EPEL-2023-cde92b8269) Fedora Linux license data -------------------------------------------------------------------------------- Update Information: Automatic update for fedora-license-data-1.31-1.el9. ##### **Changelog for fedora-license-data** ``` * Fri Sep 29 2023 Miroslav Such�� <msuchy(a)redhat.com> 1.31-1 - new license: GPL-2.0-or-later WITH Autoconf-exception-macro - new license: LGPL-3.0-or-later WITH Autoconf-exception-macro - new license: HPND- export-US-modify - Add a public domain dedication from the SWORD Project - Add LPPL-1.2 as not-allowed, add LPPL-1.3a+ as allowed - new license: LGPL-2.1-only WITH Qt-LGPL-exception-1.1 - new license: SGI-OpenGL - Add jhash public domain dedication for QEMU - Add QEMU to the rijndael (AES) public domain license reference - new license: SSH-short - new license: GPL-2.0-or-later WITH UBDL- exception - new license: McPhee-slideshow - new license: HPND-DEC - new license: magaz - new license: ulem - new license: fwlw - new license: Kastrup - Fix names of Linux-syscall-note TOML files - Add reference to EDK2 package public domain code - new license: HPND-sell-regexpr - new license: Cronyx - new license: Lucida-Bitmap-Fonts - new license: LPPL-1.3c - new license: swrule - new license: BSD-Inferno-Nettverk - Some code in OpenSSH has a Public Domain license - new license: ssh-keyscan - new license: HPND-Pbmplus - Add public domain text from mingw-headers/mingw-winpthreads packages - Add public domain test from Augeas project - new license: BSD-Attribution-HPND-disclaimer - new not allowed license: LicenseRef-Tyrian - Add public domain entry for squid ``` -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 29 2023 Miroslav Such�� <msuchy(a)redhat.com> 1.31-1 - new license: GPL-2.0-or-later WITH Autoconf-exception-macro - new license: LGPL-3.0-or-later WITH Autoconf-exception-macro - new license: HPND-export-US-modify - Add a public domain dedication from the SWORD Project - Add LPPL-1.2 as not-allowed, add LPPL-1.3a+ as allowed - new license: LGPL-2.1-only WITH Qt-LGPL-exception-1.1 - new license: SGI-OpenGL - Add jhash public domain dedication for QEMU - Add QEMU to the rijndael (AES) public domain license reference - new license: SSH-short - new license: GPL-2.0-or-later WITH UBDL-exception - new license: McPhee-slideshow - new license: HPND-DEC - new license: magaz - new license: ulem - new license: fwlw - new license: Kastrup - Fix names of Linux-syscall-note TOML files - Add reference to EDK2 package public domain code - new license: HPND-sell-regexpr - new license: Cronyx - new license: Lucida-Bitmap-Fonts - new license: LPPL-1.3c - new license: swrule - new license: BSD-Inferno-Nettverk - Some code in OpenSSH has a Public Domain license - new license: ssh-keyscan - new license: HPND-Pbmplus - Add public domain text from mingw-headers/mingw-winpthreads packages - Add public domain test from Augeas project - new license: BSD-Attribution-HPND-disclaimer - new not allowed license: LicenseRef-Tyrian - Add public domain entry for squid -------------------------------------------------------------------------------- ================================================================================ packit-0.82.0-1.el9 (FEDORA-EPEL-2023-f2e1fb408e) A tool for integrating upstream projects with Fedora operating system -------------------------------------------------------------------------------- Update Information: Automatic update for packit-0.82.0-1.el9. ##### **Changelog for packit** ``` * Fri Sep 29 2023 Packit <hello(a)packit.dev> - 0.82.0-1 - You can now specify bugs resolved by an update by `-b` or `--resolve-bug` option for `propose-downstream` and `pull-from-upstream` commands. The values will be added by default to the changelog and commit message and provided in `commit-message` and `changelog- entry` actions as `PACKIT_RESOLVED_BUGS` env variable. (#2094) - Resolves rhbz#2240355 * Sat Sep 23 2023 Packit <hello(a)packit.dev> - 0.81.0-1 - Packit now supports the `pkg_tool` option in the config (at the top-level or with specific packages when using the monorepo syntax). This option can be used for switching between `fedpkg` or `centpkg`. (#2085) - When updating the `Version` tag during `propose_downstream` or `pull_from_upstream`, Packit now tries to update referenced macros (if any) rather than overwriting the references. (#2087) - If you have concerns about Packit uploading new archives to lookaside cache before creating a pull request, you can newly set `upload_sources` to False to disable this. (#2086) - We have fixed a bug that could cause duplicit PRs to be created when using the `commit-message` action. (#2080) - Packit now supports `commit-message` action that can be used to override the default commit message produced by Packit during `propose-downstream` or `pull-from-upstream`. Please pay attention to our [documentation](https://packit.dev/docs/configuration/actions#commit-message) with regards to the usage of this action. (#2070) ``` ---- Automatic update for packit-0.81.0-1.el9. ##### **Changelog for packit** ``` * Sat Sep 23 2023 Packit <hello(a)packit.dev> - 0.81.0-1 - Packit now supports the `pkg_tool` option in the config (at the top-level or with specific packages when using the monorepo syntax). This option can be used for switching between `fedpkg` or `centpkg`. (#2085) - When updating the `Version` tag during `propose_downstream` or `pull_from_upstream`, Packit now tries to update referenced macros (if any) rather than overwriting the references. (#2087) - If you have concerns about Packit uploading new archives to lookaside cache before creating a pull request, you can newly set `upload_sources` to False to disable this. (#2086) - We have fixed a bug that could cause duplicit PRs to be created when using the `commit- message` action. (#2080) - Packit now supports `commit-message` action that can be used to override the default commit message produced by Packit during `propose-downstream` or `pull-from-upstream`. Please pay attention to our [documentation](https://packit.dev/docs/configuration/actions#commit-message) with regards to the usage of this action. (#2070) ``` -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 29 2023 Packit <hello(a)packit.dev> - 0.82.0-1 - You can now specify bugs resolved by an update by `-b` or `--resolve-bug` option for `propose-downstream` and `pull-from-upstream` commands. The values will be added by default to the changelog and commit message and provided in `commit-message` and `changelog-entry` actions as `PACKIT_RESOLVED_BUGS` env variable. (#2094) - Resolves rhbz#2240355 * Sat Sep 23 2023 Packit <hello(a)packit.dev> - 0.81.0-1 - Packit now supports the `pkg_tool` option in the config (at the top-level or with specific packages when using the monorepo syntax). This option can be used for switching between `fedpkg` or `centpkg`. (#2085) - When updating the `Version` tag during `propose_downstream` or `pull_from_upstream`, Packit now tries to update referenced macros (if any) rather than overwriting the references. (#2087) - If you have concerns about Packit uploading new archives to lookaside cache before creating a pull request, you can newly set `upload_sources` to False to disable this. (#2086) - We have fixed a bug that could cause duplicit PRs to be created when using the `commit-message` action. (#2080) - Packit now supports `commit-message` action that can be used to override the default commit message produced by Packit during `propose-downstream` or `pull-from-upstream`. Please pay attention to our [documentation](https://packit.dev/docs/configuration/actions#commit-message) with regards to the usage of this action. (#2070) -------------------------------------------------------------------------------- ================================================================================ python-url-normalize-1.4.3-1.el9 (FEDORA-EPEL-2023-5d464fd883) Python URI normalizator -------------------------------------------------------------------------------- Update Information: initial specfile -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 29 2023 Andrew Bauer <zonexpertconsulting(a)outlook.com> - 1.4.3-1 - initial specfile - 1.4.3 release -------------------------------------------------------------------------------- References: [ 1 ] Bug #2240783 - Review Request: python-url-normalize - Python URI normalizator https://bugzilla.redhat.com/show_bug.cgi?id=2240783 -------------------------------------------------------------------------------- ================================================================================ pythoncapi-compat-0^20230929git671fb69-1.el9 (FEDORA-EPEL-2023-932a4f0b7e) Python C API compatibility -------------------------------------------------------------------------------- Update Information: Update to `0^20230929git671fb69` - Adds `PyObject_HasAttrWithError()` and `PyObject_HasAttrStringWithError()` functions. - Fixes `PyObject_GetOptionalAttrString()`: set result to `NULL` on error. -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 29 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0^20230929git671fb69-1 - Update to 0^20230929git671fb69 - Adds PyObject_HasAttrWithError() and PyObject_HasAttrStringWithError() functions. - Fixes PyObject_GetOptionalAttrString(): set result to NULL on error. --------------------------------------------------------------------------------

7 months

1
0
0 / 0

Fedora EPEL 7 updates-testing report

by updates＠fedoraproject.org

The following Fedora EPEL 7 Security updates need testing: Age URL 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-981e9f53ff chromium-117.0.5938.92-2.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ffb6e04eb7 drupal7-7.98-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c283911e27 ckeditor-4.22.1-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-97dd2d11b6 xrdp-0.9.23.1-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing clustershell-1.9.2-1.el7 composer-1.10.27-1.el7 fedora-license-data-1.31-1.el7 libptytty-2.0-4.el7 rxvt-unicode-9.31-1.el7 Details about builds: ================================================================================ clustershell-1.9.2-1.el7 (FEDORA-EPEL-2023-c1b3279c59) Python framework for efficient cluster administration -------------------------------------------------------------------------------- Update Information: Update to upstream release 1.9.2 -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 29 2023 Stephane Thiell <sthiell(a)stanford.edu> 1.9.2-1 - update to 1.9.2 -------------------------------------------------------------------------------- ================================================================================ composer-1.10.27-1.el7 (FEDORA-EPEL-2023-3ee7f851c6) Dependency Manager for PHP -------------------------------------------------------------------------------- Update Information: **Version 1.10.27** - 2023-09-29 * Security: Fixed possible remote code execution vulnerability if composer.phar is publicly accessible, executable as PHP, and register_argc_argv is enabled in php.ini (GHSA-jm6m-4632-36hf / **CVE-2023-43655**) -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 29 2023 Remi Collet <remi(a)remirepo.net> - 1.10.27-1 - update to 1.10.27 -------------------------------------------------------------------------------- ================================================================================ fedora-license-data-1.31-1.el7 (FEDORA-EPEL-2023-2dfb1ec616) Fedora Linux license data -------------------------------------------------------------------------------- Update Information: Automatic update for fedora-license-data-1.31-1.el7. ##### **Changelog for fedora-license-data** ``` * Fri Sep 29 2023 Miroslav Such�� <msuchy(a)redhat.com> 1.31-1 - new license: GPL-2.0-or-later WITH Autoconf-exception-macro - new license: LGPL-3.0-or-later WITH Autoconf-exception-macro - new license: HPND- export-US-modify - Add a public domain dedication from the SWORD Project - Add LPPL-1.2 as not-allowed, add LPPL-1.3a+ as allowed - new license: LGPL-2.1-only WITH Qt-LGPL-exception-1.1 - new license: SGI-OpenGL - Add jhash public domain dedication for QEMU - Add QEMU to the rijndael (AES) public domain license reference - new license: SSH-short - new license: GPL-2.0-or-later WITH UBDL- exception - new license: McPhee-slideshow - new license: HPND-DEC - new license: magaz - new license: ulem - new license: fwlw - new license: Kastrup - Fix names of Linux-syscall-note TOML files - Add reference to EDK2 package public domain code - new license: HPND-sell-regexpr - new license: Cronyx - new license: Lucida-Bitmap-Fonts - new license: LPPL-1.3c - new license: swrule - new license: BSD-Inferno-Nettverk - Some code in OpenSSH has a Public Domain license - new license: ssh-keyscan - new license: HPND-Pbmplus - Add public domain text from mingw-headers/mingw-winpthreads packages - Add public domain test from Augeas project - new license: BSD-Attribution-HPND-disclaimer - new not allowed license: LicenseRef-Tyrian - Add public domain entry for squid ``` -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 29 2023 Miroslav Such�� <msuchy(a)redhat.com> 1.31-1 - new license: GPL-2.0-or-later WITH Autoconf-exception-macro - new license: LGPL-3.0-or-later WITH Autoconf-exception-macro - new license: HPND-export-US-modify - Add a public domain dedication from the SWORD Project - Add LPPL-1.2 as not-allowed, add LPPL-1.3a+ as allowed - new license: LGPL-2.1-only WITH Qt-LGPL-exception-1.1 - new license: SGI-OpenGL - Add jhash public domain dedication for QEMU - Add QEMU to the rijndael (AES) public domain license reference - new license: SSH-short - new license: GPL-2.0-or-later WITH UBDL-exception - new license: McPhee-slideshow - new license: HPND-DEC - new license: magaz - new license: ulem - new license: fwlw - new license: Kastrup - Fix names of Linux-syscall-note TOML files - Add reference to EDK2 package public domain code - new license: HPND-sell-regexpr - new license: Cronyx - new license: Lucida-Bitmap-Fonts - new license: LPPL-1.3c - new license: swrule - new license: BSD-Inferno-Nettverk - Some code in OpenSSH has a Public Domain license - new license: ssh-keyscan - new license: HPND-Pbmplus - Add public domain text from mingw-headers/mingw-winpthreads packages - Add public domain test from Augeas project - new license: BSD-Attribution-HPND-disclaimer - new not allowed license: LicenseRef-Tyrian - Add public domain entry for squid -------------------------------------------------------------------------------- ================================================================================ libptytty-2.0-4.el7 (FEDORA-EPEL-2023-a99c56df6a) OS independent and secure pty/tty and utmp/wtmp/lastlog handling -------------------------------------------------------------------------------- Update Information: The last update for rxvt-unicode stripped it down to just the rxvt-unicode- terminfo subpackage, leaving the rxvt-unicode package empty with no files. This disruptive change was against EPEL policy. This new update restores the full rxvt-unicode package. It also updates the package to version 9.31 to match the version in EPEL 8, which correctly fixes CVE-2022-4170. It also introduces the libptytty dependency to EPEL 7. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 27 2023 Carl George <carlwgeorge(a)fedoraproject.org> - 2.0-4 - Enable EPEL 7 build with devtoolset-8 and cmake3 * Wed Jan 4 2023 David Cantrell <dcantrell(a)redhat.com> - 2.0-3 - Convert license to SPDX format: GPL-2.0-or-later * Fri Dec 16 2022 Robbie Harwood <rharwood(a)redhat.com> - 2.0-2 - Bump spec due to bodhi failures * Fri Dec 16 2022 Robbie Harwood <rharwood(a)redhat.com> - 2.0-1 - Initial import (2.0) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2151598 - CVE-2022-4170 rxvt-unicode: remote code execution via background OSC [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2151598 [ 2 ] Bug #2160952 - rxvt-unicode-9.30-2.el7.x86_64 contains NO FILES https://bugzilla.redhat.com/show_bug.cgi?id=2160952 [ 3 ] Bug #2165151 - rxvt-unicode-9.30-2 RPM on Epel7 repository is an invalid RPM https://bugzilla.redhat.com/show_bug.cgi?id=2165151 [ 4 ] Bug #2170550 - EPEL7 - rxvt-unicode package contains no data https://bugzilla.redhat.com/show_bug.cgi?id=2170550 -------------------------------------------------------------------------------- ================================================================================ rxvt-unicode-9.31-1.el7 (FEDORA-EPEL-2023-a99c56df6a) Unicode version of rxvt -------------------------------------------------------------------------------- Update Information: The last update for rxvt-unicode stripped it down to just the rxvt-unicode- terminfo subpackage, leaving the rxvt-unicode package empty with no files. This disruptive change was against EPEL policy. This new update restores the full rxvt-unicode package. It also updates the package to version 9.31 to match the version in EPEL 8, which correctly fixes CVE-2022-4170. It also introduces the libptytty dependency to EPEL 7. -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 28 2023 Carl George <carlwgeorge(a)fedoraproject.org> - 9.31-1 - Update to version 9.31 - Restore full package - Build with devtoolset-8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2151598 - CVE-2022-4170 rxvt-unicode: remote code execution via background OSC [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2151598 [ 2 ] Bug #2160952 - rxvt-unicode-9.30-2.el7.x86_64 contains NO FILES https://bugzilla.redhat.com/show_bug.cgi?id=2160952 [ 3 ] Bug #2165151 - rxvt-unicode-9.30-2 RPM on Epel7 repository is an invalid RPM https://bugzilla.redhat.com/show_bug.cgi?id=2165151 [ 4 ] Bug #2170550 - EPEL7 - rxvt-unicode package contains no data https://bugzilla.redhat.com/show_bug.cgi?id=2170550 --------------------------------------------------------------------------------

7 months

1
0
0 / 0

Fedora EPEL 7 updates-testing report

by updates＠fedoraproject.org

The following Fedora EPEL 7 Security updates need testing: Age URL 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-981e9f53ff chromium-117.0.5938.92-2.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ffb6e04eb7 drupal7-7.98-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c283911e27 ckeditor-4.22.1-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-97dd2d11b6 xrdp-0.9.23.1-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing c-icap-0.6.0-1.el7 c-icap-modules-0.5.6-4.20230212gitfd1a1b7.el7 dkms-3.0.12-1.el7 Details about builds: ================================================================================ c-icap-0.6.0-1.el7 (FEDORA-EPEL-2023-8a5cc3fca8) An implementation of an ICAP server -------------------------------------------------------------------------------- Update Information: Final release 0.6.0 for the snapshot that was currently published. -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 28 2023 Simone Caronni <negativo17(a)gmail.com> - 0.6.0-1 - Update to final 0.6.0 release. -------------------------------------------------------------------------------- ================================================================================ c-icap-modules-0.5.6-4.20230212gitfd1a1b7.el7 (FEDORA-EPEL-2023-8a5cc3fca8) Services for the c-icap server -------------------------------------------------------------------------------- Update Information: Final release 0.6.0 for the snapshot that was currently published. -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 28 2023 Simone Caronni <negativo17(a)gmail.com> - 0.5.6-4.20230212gitfd1a1b7 - Rebuild for updated c-icap. * Tue Sep 26 2023 Carl George <carlwgeorge(a)fedoraproject.org> - 0.5.6-3.20230212gitfd1a1b7 - Rebuilt for clamav 1.0 -------------------------------------------------------------------------------- ================================================================================ dkms-3.0.12-1.el7 (FEDORA-EPEL-2023-52a1695e9b) Dynamic Kernel Module Support Framework -------------------------------------------------------------------------------- Update Information: Update to 3.0.12. -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 28 2023 Simone Caronni <negativo17(a)gmail.com> - 3.0.12-1 - Update to 3.0.12. - Drop support for building from snapshots in SPEC file. - Trim changelog. -------------------------------------------------------------------------------- References: [ 1 ] Bug #2240511 - dkms-3.0.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2240511 --------------------------------------------------------------------------------

7 months

1
0
0 / 0

Fedora EPEL 8 updates-testing report

by updates＠fedoraproject.org

The following Fedora EPEL 8 Security updates need testing: Age URL 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-49fe68774a plantuml-1.2023.11-1.el8 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-9abc3565b5 chromium-117.0.5938.92-2.el8 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-27c714a6a4 xrdp-0.9.23.1-1.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing c-icap-0.6.0-1.el8 c-icap-modules-0.5.6-4.20230212gitfd1a1b7.el8 dkms-3.0.12-1.el8 libdispatch-5.9-1.el8 Details about builds: ================================================================================ c-icap-0.6.0-1.el8 (FEDORA-EPEL-2023-55c064645c) An implementation of an ICAP server -------------------------------------------------------------------------------- Update Information: Final release 0.6.0 for the snapshot that was currently published. -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 28 2023 Simone Caronni <negativo17(a)gmail.com> - 0.6.0-1 - Update to final 0.6.0 release. -------------------------------------------------------------------------------- ================================================================================ c-icap-modules-0.5.6-4.20230212gitfd1a1b7.el8 (FEDORA-EPEL-2023-55c064645c) Services for the c-icap server -------------------------------------------------------------------------------- Update Information: Final release 0.6.0 for the snapshot that was currently published. -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 28 2023 Simone Caronni <negativo17(a)gmail.com> - 0.5.6-4.20230212gitfd1a1b7 - Rebuild for updated c-icap. * Tue Sep 26 2023 Carl George <carlwgeorge(a)fedoraproject.org> - 0.5.6-3.20230212gitfd1a1b7 - Rebuilt for clamav 1.0 -------------------------------------------------------------------------------- ================================================================================ dkms-3.0.12-1.el8 (FEDORA-EPEL-2023-9dcb4a8bf7) Dynamic Kernel Module Support Framework -------------------------------------------------------------------------------- Update Information: Update to 3.0.12. -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 28 2023 Simone Caronni <negativo17(a)gmail.com> - 3.0.12-1 - Update to 3.0.12. - Drop support for building from snapshots in SPEC file. - Trim changelog. -------------------------------------------------------------------------------- References: [ 1 ] Bug #2240511 - dkms-3.0.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2240511 -------------------------------------------------------------------------------- ================================================================================ libdispatch-5.9-1.el8 (FEDORA-EPEL-2023-4662e70996) Apple's Grand Central Dispatch library -------------------------------------------------------------------------------- Update Information: Updated to 5.9-RELEASE -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 28 2023 Ron Olson <tachoknight(a)gmail.com> 5.9-1 - Updated to 5.9-RELEASE * Thu Jul 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:5.7.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild --------------------------------------------------------------------------------

7 months

1
0
0 / 0

Fedora EPEL 9 updates-testing report

by updates＠fedoraproject.org

The following Fedora EPEL 9 Security updates need testing: Age URL 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-d573bf038f plantuml-1.2023.11-2.el9 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-09cc239fe3 chromium-117.0.5938.92-2.el9 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-93ac846983 xrdp-0.9.23.1-1.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing c-icap-0.6.0-1.el9 c-icap-modules-0.5.6-4.20230212gitfd1a1b7.el9 cargo2rpm-0.1.9-1.el9 dkms-3.0.12-1.el9 ghc9.6-9.6.3-11.el9 grass-8.2.1-2.el9 libdispatch-5.9-1.el9 waycheck-0.2.0-1.el9 Details about builds: ================================================================================ c-icap-0.6.0-1.el9 (FEDORA-EPEL-2023-0bf9f2346b) An implementation of an ICAP server -------------------------------------------------------------------------------- Update Information: Final release 0.6.0 for the snapshot that was currently published. -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 28 2023 Simone Caronni <negativo17(a)gmail.com> - 0.6.0-1 - Update to final 0.6.0 release. -------------------------------------------------------------------------------- ================================================================================ c-icap-modules-0.5.6-4.20230212gitfd1a1b7.el9 (FEDORA-EPEL-2023-0bf9f2346b) Services for the c-icap server -------------------------------------------------------------------------------- Update Information: Final release 0.6.0 for the snapshot that was currently published. -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 28 2023 Simone Caronni <negativo17(a)gmail.com> - 0.5.6-4.20230212gitfd1a1b7 - Rebuild for updated c-icap. * Tue Sep 26 2023 Carl George <carlwgeorge(a)fedoraproject.org> - 0.5.6-3.20230212gitfd1a1b7 - Rebuilt for clamav 1.0 -------------------------------------------------------------------------------- ================================================================================ cargo2rpm-0.1.9-1.el9 (FEDORA-EPEL-2023-9f9cd5d663) Translation layer between cargo and RPM -------------------------------------------------------------------------------- Update Information: Update to version 0.1.9. Release notes: https://pagure.io/fedora- rust/cargo2rpm/blob/main/f/CHANGELOG.md -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 28 2023 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 0.1.9-1 - Update to version 0.1.9; Fixes RHBZ#2240213 -------------------------------------------------------------------------------- ================================================================================ dkms-3.0.12-1.el9 (FEDORA-EPEL-2023-0ac7593f62) Dynamic Kernel Module Support Framework -------------------------------------------------------------------------------- Update Information: Update to 3.0.12. -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 28 2023 Simone Caronni <negativo17(a)gmail.com> - 3.0.12-1 - Update to 3.0.12. - Drop support for building from snapshots in SPEC file. - Trim changelog. -------------------------------------------------------------------------------- References: [ 1 ] Bug #2240511 - dkms-3.0.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=2240511 -------------------------------------------------------------------------------- ================================================================================ ghc9.6-9.6.3-11.el9 (FEDORA-EPEL-2023-6f686bac74) Glasgow Haskell Compiler -------------------------------------------------------------------------------- Update Information: https://downloads.haskell.org/ghc/9.6.3/docs/users_guide/9.6.3-notes.html -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 25 2023 Jens Petersen <petersen(a)redhat.com> - 9.6.3-11 - https://downloads.haskell.org/ghc/9.6.3/docs/users_guide/9.6.3-notes.html * Tue Jul 25 2023 Jens Petersen <petersen(a)redhat.com> - 9.6.2-10 - base subpkg now owns ghcliblib and ghclibplatform dirs (#2185357) - update BSD license tags to SPDX * Sat Jul 22 2023 Jens Petersen <petersen(a)redhat.com> - 9.6.2-9 - rename ghc manpage to ghc-9.6 * Fri Jul 21 2023 Jens Petersen <petersen(a)redhat.com> - 9.6.2-8 - strip out the obsolete make buildsystem - build the ghc manpage with sphinx * Wed Jul 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 9.6.2-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ grass-8.2.1-2.el9 (FEDORA-EPEL-2023-b0ea2c2e4e) GRASS GIS - Geographic Resources Analysis Support System -------------------------------------------------------------------------------- Update Information: Remove non-existent dependencies in EPEL 9, resolves rhbz#2240696 -------------------------------------------------------------------------------- ChangeLog: * Mon Sep 25 2023 Carl George <carlwgeorge(a)fedoraproject.org> - 8.2.1-2 - Remove non-existent dependencies in EPEL 9, resolves rhbz#2240696 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2240696 - grass: does not install from EPEL 9 https://bugzilla.redhat.com/show_bug.cgi?id=2240696 -------------------------------------------------------------------------------- ================================================================================ libdispatch-5.9-1.el9 (FEDORA-EPEL-2023-e26e034ec0) Apple's Grand Central Dispatch library -------------------------------------------------------------------------------- Update Information: Updated to 5.9-RELEASE -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 28 2023 Ron Olson <tachoknight(a)gmail.com> 5.9-1 - Updated to 5.9-RELEASE * Thu Jul 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:5.7.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ waycheck-0.2.0-1.el9 (FEDORA-EPEL-2023-eb258ec64f) Simple GUI that displays protocols implemented by a Wayland compositor -------------------------------------------------------------------------------- Update Information: Update to v0.2.0 - Add KDE and Weston protocols - Use a tabbed view with separate tables for each protocol group - Fix contrast issues - Update icon - Prevent editing table cells - Only allow selecting one cell at a time - Fix icon not showing in window decorations on KDE Plasma -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 28 2023 Neal Gompa <ngompa(a)fedoraproject.org> - 0.2.0-1 - Update to v0.2.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2241220 - waycheck-0.2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2241220 --------------------------------------------------------------------------------

7 months

1
0
0 / 0

Fedora EPEL 7 updates-testing report

by updates＠fedoraproject.org

The following Fedora EPEL 7 Security updates need testing: Age URL 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-4211889c5a seamonkey-2.53.17.1-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-981e9f53ff chromium-117.0.5938.92-2.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ffb6e04eb7 drupal7-7.98-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-c283911e27 ckeditor-4.22.1-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing xrdp-0.9.23.1-1.el7 Details about builds: ================================================================================ xrdp-0.9.23.1-1.el7 (FEDORA-EPEL-2023-97dd2d11b6) Open source remote desktop protocol (RDP) server -------------------------------------------------------------------------------- Update Information: Release notes for xrdp v0.9.23.1 (2023/09/27) This is a security fix release for CVE-2023-42822. This update is recommended for all xrdp users. Security fixes - CVE-2023-42822: Unchecked access to font glyph info -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 28 2023 Bojan Smojver <bojan(a)rexursive.com> - 1:0.9.23.1-1 - Update to 0.9.23.1 - CVE-2023-42822 --------------------------------------------------------------------------------

7 months

1
0
0 / 0

Fedora EPEL 9 updates-testing report

by updates＠fedoraproject.org

The following Fedora EPEL 9 Security updates need testing: Age URL 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-d573bf038f plantuml-1.2023.11-2.el9 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-09cc239fe3 chromium-117.0.5938.92-2.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing blender-3.3.11-1.el9 mock-5.2-1.el9 perl-HTTP-CookieJar-0.014-4.el9 perl-Mozilla-PublicSuffix-1.0.6-3.el9 rust-ctor-0.2.5-1.el9 rust-indexmap-2.0.1-1.el9 rust-thiserror-1.0.49-1.el9 rust-thiserror-impl-1.0.49-1.el9 tor-0.4.8.7-1.el9 xrdp-0.9.23.1-1.el9 Details about builds: ================================================================================ blender-3.3.11-1.el9 (FEDORA-EPEL-2023-23b392acb1) 3D modeling, animation, rendering and post-production -------------------------------------------------------------------------------- Update Information: Update for 3.6.4 for Fedora 38 and lower and 3.3.11 for EPEL9 -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 27 2023 Luya Tshimbalanga <luya(a)fedoraproject.org> - 1:3.3.11-1 - Updafte to 3.3.11 -------------------------------------------------------------------------------- ================================================================================ mock-5.2-1.el9 (FEDORA-EPEL-2023-e7ebd56bcd) Builds packages inside chroots -------------------------------------------------------------------------------- Update Information: https://rpm-software-management.github.io/mock/Release-Notes-5.2 -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 27 2023 Pavel Raiskup <praiskup(a)redhat.com> 5.2-1 - Fix '~' user source expansion for --copyout - Compatibility fix with EL 8 - Log out the command-line arguments - Make sure that 'state' is always finished - README.md: cleaning up - Post-release administrivia -------------------------------------------------------------------------------- References: [ 1 ] Bug #2239035 - mock fails to copyout files with ~ in their names https://bugzilla.redhat.com/show_bug.cgi?id=2239035 -------------------------------------------------------------------------------- ================================================================================ perl-HTTP-CookieJar-0.014-4.el9 (FEDORA-EPEL-2023-d37fd7d349) Minimalist HTTP user agent cookie jar -------------------------------------------------------------------------------- Update Information: This is the first EPEL-9 build of perl-Mozilla-PublicSuffix and its dependent package perl-HTTP-CookieJar. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 27 2023 Paul Howarth <paul(a)city-fan.org> - 0.014-4 - Use author-independent source URL - Classify build requirements by usage - Add runtime recommendation for Mozilla::PublicSuffix as per upstream - Simplify find command using -delete - Fix permissions verbosely - Make %files list more explicit * Thu Jul 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.014-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.014-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Mon Jul 25 2022 Yanko Kaneti <yaneti(a)declera.com> 0.014-1 - Update to 0.014 * Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.012-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Tue May 31 2022 Jitka Plesnikova <jplesnik(a)redhat.com> - 0.012-4 - Perl 5.36 rebuild * Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.012-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2232304 - RFE: epel9 branch of perl-Mozilla-PublicSuffix https://bugzilla.redhat.com/show_bug.cgi?id=2232304 -------------------------------------------------------------------------------- ================================================================================ perl-Mozilla-PublicSuffix-1.0.6-3.el9 (FEDORA-EPEL-2023-d37fd7d349) Get a domain name's public suffix via the Mozilla Public Suffix List -------------------------------------------------------------------------------- Update Information: This is the first EPEL-9 build of perl-Mozilla-PublicSuffix and its dependent package perl-HTTP-CookieJar. -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Tue May 31 2022 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.0.6-2 - Perl 5.36 rebuild * Thu May 5 2022 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.0.6-1 - 1.0.6 bump * Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Fri May 21 2021 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.0.3-2 - Perl 5.34 rebuild * Thu Mar 4 2021 Yanko Kaneti <yaneti(a)declera.com> - 1.0.3-1 - New version bump * Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Mon Jan 18 2021 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.0.2-1 - 1.0.2 bump - Specify all dependencies * Thu Nov 12 2020 Yanko Kaneti <yaneti(a)declera.com> - 1.0.1-1 - New version and upstream maintainer. * Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.0-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2232304 - RFE: epel9 branch of perl-Mozilla-PublicSuffix https://bugzilla.redhat.com/show_bug.cgi?id=2232304 -------------------------------------------------------------------------------- ================================================================================ rust-ctor-0.2.5-1.el9 (FEDORA-EPEL-2023-0bbeed8b8b) __attribute__((constructor)) for Rust -------------------------------------------------------------------------------- Update Information: Update to version 0.2.5. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 27 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.2.5-1 - Update to version 0.2.5; Fixes RHBZ#2240821 -------------------------------------------------------------------------------- ================================================================================ rust-indexmap-2.0.1-1.el9 (FEDORA-EPEL-2023-0048d1a8d6) Hash table with consistent order and fast iteration -------------------------------------------------------------------------------- Update Information: Update to version 2.0.1. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 27 2023 Fabio Valentini <decathorpe(a)gmail.com> - 2.0.1-1 - Update to version 2.0.1; Fixes RHBZ#2241021 -------------------------------------------------------------------------------- ================================================================================ rust-thiserror-1.0.49-1.el9 (FEDORA-EPEL-2023-3179487f0a) Derive(Error) -------------------------------------------------------------------------------- Update Information: Update the thiserror and thiserror-impl crates to version 1.0.49. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 27 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.0.49-1 - Update to version 1.0.49; Fixes RHBZ#2240866 -------------------------------------------------------------------------------- ================================================================================ rust-thiserror-impl-1.0.49-1.el9 (FEDORA-EPEL-2023-3179487f0a) Implementation detail of the thiserror crate -------------------------------------------------------------------------------- Update Information: Update the thiserror and thiserror-impl crates to version 1.0.49. -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 27 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.0.49-1 - Update to version 1.0.49; Fixes RHBZ#2240867 -------------------------------------------------------------------------------- ================================================================================ tor-0.4.8.7-1.el9 (FEDORA-EPEL-2023-292af44eda) Anonymizing overlay network for TCP -------------------------------------------------------------------------------- Update Information: update to latest upstream release https://forum.torproject.org/t/stable- release-0-4-8-7/9398 -------------------------------------------------------------------------------- ChangeLog: * Wed Sep 27 2023 Marcel H��rry <mh+fedora(a)scrit.ch> - 0.4.8.7-1 - update to latest upstream release https://forum.torproject.org/t/stable-release-0-4-8-7/9398 * Wed Aug 30 2023 Marcel H��rry <mh+fedora(a)scrit.ch> - 0.4.8.5-1 - update to latest upstream release https://forum.torproject.org/t/stable-release-0-4-8-5/8996 * Fri Aug 25 2023 Marcel H��rry <mh+fedora(a)scrit.ch> - 0.4.8.4-1 - update to latest upstream release https://forum.torproject.org/t/stable-release-0-4-8-4/8884 * Tue Aug 1 2023 Marcel H��rry <mh+fedora(a)scrit.ch> - 0.4.7.14-1 - update to latest upstream release * Sat Jul 22 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.4.7.13-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Sat Mar 25 2023 Marcel H��rry <mh+fedora(a)scrit.ch> - 0.4.7.13-3 - Rebuilt to address issue bz#2180871 * Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.4.7.13-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2211726 - tor-0.4.9.0-alpha-dev is available https://bugzilla.redhat.com/show_bug.cgi?id=2211726 -------------------------------------------------------------------------------- ================================================================================ xrdp-0.9.23.1-1.el9 (FEDORA-EPEL-2023-93ac846983) Open source remote desktop protocol (RDP) server -------------------------------------------------------------------------------- Update Information: Release notes for xrdp v0.9.23.1 (2023/09/27) This is a security fix release for CVE-2023-42822. This update is recommended for all xrdp users. Security fixes - CVE-2023-42822: Unchecked access to font glyph info -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 28 2023 Bojan Smojver <bojan(a)rexursive.com> - 1:0.9.23.1-1 - Update to 0.9.23.1 - CVE-2023-42822 --------------------------------------------------------------------------------

7 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

epel-devel September 2023