Hi EPELers,
It was brought to my attention that the libgit2 package in EPEL 10
(and 9, for that matter) is currently quite out-of-date, at version
1.7.2. I only "recently" became maintainer of libgit2 after it had
been orphaned, so I am not aware of any previous history related to
this issue (if there is any).
The v1.7 branch of libgit2 hasn't seen new releases since the initial
release of version 1.8.0. Additionally, libgit2 only backports
security fixes to the last stable release branch (which is currently
v1.8), so fixes for security issues since 1.8.0 are missing from the
EPEL packages for libgit2.
See also release notes for 1.9.0 and 1.9.2:
- https://github.com/libgit2/libgit2/releases/tag/v1.9.0
- https://github.com/libgit2/libgit2/releases/tag/v1.9.2
None of the recent "security" issues in libgit2 seem to have been
assigned CVE numbers, nor do they seem to be "properly" documented in
the release notes, nor link any publicly available report, nor are
there GitHub advisories filed for them - so it's hard to tell without
digging more whether these are actually serious. :sad face:
Apparently an update to the v1.9 branch (ideally, to v1.9.2, matching
Fedora, to pull in missing fixes for security issues) is also required
to fix a "pretty severe" CVE in "nix" (though I don't know the details).
Originally Jens (the nix maintainer) asked whether we could package
libgit2_1.9 for EPEL (and keep the libgit2 package at v1.7), but given
that libgit2 itself would *also* need updates to fix security issues,
I would kind of prefer to avoid this, and bite the sour apple and go
through the "Incompatible Updates" process for it for EPEL 10.
I'm not sure it's worth doing for EPEL 9 given that it's so old and
dusty at this point (and nix is also not packaged for EPEL 9, making
this less impactful).
There are only five dependent packages of libgit2 in EPEL:
- geany-plugins (epel9 only)
- gnuastro
- nix (epel10 only)
- python-pygit2
- python-rpmautospec
With four additional packages requiring libgit2-devel at build-time
only (not sure why?):
- goose (epel10 only)
- kf5-ktexteditor (epel9 only)
- kf6-ktexteditor (epel10 only)
- public-inbox (epel9 only)
It looks like all affected packages would build fine with v1.9.2
(according to Jens); only pygit2 would require a coordinated update to
match versions with libgit2.
I'm unsure whether an incompatible update is the best option here, but
EPEL 10 will live for a long time yet, and it *already* ships a
version of libgit2 that no longer receives security backports from
upstream. Making an EPEL-only libgit2_1.9 package would be the
quick-and-dirty solution for nix, but wouldn't solve the "EPEL ships
unsupported and potentially vulnerable libgit2 versions" problem.
Opinions?
Fabio
The following Fedora EPEL 8 Security updates need testing:
Age URL
161 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-5b2095e2c2 xpdf-4.06-1.el8
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-6bff23a642 perl-CryptX-0.088-2.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
java-latest-openjdk-26.0.1.0.8-0.1.el8
perl-Text-CSV_XS-1.62-1.el8
radicale-3.7.2-1.el8
Details about builds:
================================================================================
java-latest-openjdk-26.0.1.0.8-0.1.el8 (FEDORA-EPEL-2026-fea4b9a8db)
OpenJDK 26 Runtime Environment
--------------------------------------------------------------------------------
Update Information:
OpenJDK CPU 04/2026 for jdk26 rpms
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 29 2026 Jiri Vanek <jvanek(a)redhat.com> - 1:26.0.1.0.8-2
- RPMAUTOSPEC: unresolvable merge
--------------------------------------------------------------------------------
================================================================================
perl-Text-CSV_XS-1.62-1.el8 (FEDORA-EPEL-2026-edfdbfa06c)
Comma-separated values manipulation routines
--------------------------------------------------------------------------------
Update Information:
Cumulative bug-fix update. Includes fix for potential stack corruption
(CVE-2026-7111).
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 29 2026 Paul Howarth <paul(a)city-fan.org> - 1.62-1
- Update to 1.62 (rhbz#2463743)
- It is 2026
- Fix possible stack corruption (GH#65, CVE-2026-7111)
* Sun Jul 27 2025 Paul Howarth <paul(a)city-fan.org> - 1.61-1
- Update to 1.61 (rhbz#2383739)
- Add love letter to CSV from xan project with reference
- Bugtracker to Github (long overdue) (GH#63)
- Update to Devel::PPPort-3.73
* Fri Jan 31 2025 Paul Howarth <paul(a)city-fan.org> - 1.60-1
- Update to 1.60 (rhbz#2343165)
- Add SECURITY.md
- CR/NL/CRNL inside quoted fields not affected by strict_eol
- Fix incorrect error 2014 (GH#62)
* Sun Jan 5 2025 Paul Howarth <paul(a)city-fan.org> - 1.59-1
- Update to 1.59 (rhbz#2335660)
- Fixed EOL test for Windows with crnl layer
- It is 2025
* Mon Dec 30 2024 Paul Howarth <paul(a)city-fan.org> - 1.58-1
- Update to 1.58 (rhbz#2334923)
- Add strict_eol (warnings default in csv())
- Add XS line number in errors
- Add streaming support (not set in stone)
* Tue Nov 12 2024 Paul Howarth <paul(a)city-fan.org> - 1.57-1
- Update to 1.57 (rhbz#2325504)
- Add on_error callback to csv()
- Retain runtime error from csv()
* Sun Aug 11 2024 Paul Howarth <paul(a)city-fan.org> - 1.56-1
- Update to 1.56 (rhbz#2303862)
- Yet another strict/comment_str conflict (GH#57)
- Strict affected by column_names
* Tue Jun 18 2024 Paul Howarth <paul(a)city-fan.org> - 1.55-1
- Update to 1.55 (rhbz#2292859)
- More fixes for strict under bind_columns (GH#54)
- Strict won't hide previous error (GH#56)
- Update to Devel::PPPort-3.72
* Fri Apr 19 2024 Paul Howarth <paul(a)city-fan.org> - 1.54-1
- Update to 1.54 (rhbz#2275976)
- It's 2024
- Fix comment_str with strict
- Documentation fixes (CPAN RT#150757, CPAN RT#151546)
* Thu Nov 23 2023 Paul Howarth <paul(a)city-fan.org> - 1.53-1
- Update to 1.53 (rhbz#2251219)
- Two casts for -Wformat (GH#50)
- Add --skip-empty to csv2xlsx
- Add --font and --font-size to csv2xlsx
- Fix skip_empty_rows ("skip") and trailing newlines (GH#52)
- Fix comment in last line (CPAN RT#150501)
* Thu Sep 21 2023 Paul Howarth <paul(a)city-fan.org> - 1.52-1
- Update to 1.52 (rhbz#2240080)
- Fix possible coredump in cache on non-IO parse (GH#49)
* Tue Aug 8 2023 Paul Howarth <paul(a)city-fan.org> - 1.51-1
- Update to 1.51 (rhbz#2229806)
- Contact e-mail update
- Attribute skip_empty_rows extended
- Fix comments (GH#45)
- Fix help (GH#46)
- Update to Devel::PPPort-3.71
- Fix HTML on Windows
- Fix double header-interpretation on bom + headers => "auto" (GH#47)
* Wed Mar 1 2023 Paul Howarth <paul(a)city-fan.org> - 1.50-1
- Update to 1.50 (rhbz#2174402)
- Promote sep to sep_set in csv() with auto-headers
- Fix bug in set_diag surfaced by PERL_RC_STACK
* Tue Jan 3 2023 Paul Howarth <paul(a)city-fan.org> - 1.49-1
- Update to 1.49
- csv2xlsx --split=CxP [--split-label=C]
- Full documentation/manual for csv2xlsx
- Fix non-integer arguments to getline_all (GH#39)
- It's 2023
- Use SPDX-format license tag
* Wed May 25 2022 Paul Howarth <paul(a)city-fan.org> - 1.48-1
- Update to 1.48
- It's 2022
- kh => 1 (use internal headers)
- Add constants for META flags (CPAN RT#142508)
- Update to Devel::PPPort-3.68
- Export :CONSTANTS
- Fix sep_set typo (GH#37)
- Tested against perl-5.36.0
* Wed Dec 22 2021 Paul Howarth <paul(a)city-fan.org> - 1.47-1
- Update to 1.47
- Make error 2014 catchable
- Suppress empty lines on empty input (GH#34)
- Perl 6 → Raku in docs (CPAN RT#136864)
- IETF changed their URLs
- Add some documentation for Google hist
* Wed Mar 24 2021 Paul Howarth <paul(a)city-fan.org> - 1.46-1
- Update to 1.46
- It's 2021
- New attribute comment_str (RFC 4180-bis)
- New attribute skip_empty_rows (RFC 4180-bis)
- http → https in links in docs
- Fix several issues with auto-detecting \r as EOL
- Tested on perl-5.6.1 .. perl-5.32.1 and perl-5.33.8 (145)
* Thu Dec 24 2020 Paul Howarth <paul(a)city-fan.org> - 1.45-1
- Update to 1.45
- Update to Devel::PPPort-3.62
- Allow adding to existing data in csv (out => $ref)
- examples/csv2xlsx: -L # to limit records to export
- examples/csv2xlsx: --de # for possible double-encoding fix
- examples/csv2xlsx: Check if .xlsx is creatable before conversion
- Add examples/csv-split
- Small documentation additions
- Fix META issue for bug tracker
* Thu Jul 23 2020 Paul Howarth <paul(a)city-fan.org> - 1.44-1
- Update to 1.44
- EBCDIC now fully functional
- Prevent false negative CPANTESTERS fail reports
- Fully tested on perl-5.32.0 and perl-5.33.0
- Fix partly decoded fields in header
* Wed May 27 2020 Paul Howarth <paul(a)city-fan.org> - 1.43-1
- Update to 1.43
- Add --parser-opt[=value] to csv-check
- Add -L and -X to csv-check
- Fix undef value in attribute setters for strings (GH#24)
- Document quote (undef) is not supported
* Tue May 19 2020 Paul Howarth <paul(a)city-fan.org> - 1.42-1
- Update to 1.42
- Update to Devel::PPPort-3.58
- Unicode fixes for csv2xls and csv2xlsx
- Add internal buffers to cache diagnostics
- Fix positional reporting in examples/csv-check
- Allow passing CSV parsing attributes to csv-check
- Proof reading - doc fixes by Klaus Baldermann <soonix> (GH#21)
- Fix type caching (CPAN RT#132344)
- Small doc fix by Nick Tonkin <1nickt> (GH#22)
- Fix sep=; being ignored in ->header (GH#23)
* Sun Feb 16 2020 Paul Howarth <paul(a)city-fan.org> - 1.41-1
- Update to 1.41
- Update to Devel::PPPort-3.56
- csv2xls uses sheetname as csv2xlsx
- csv2xlsx: support images (each image gets its own tab)
- More docs (data validation)
- It's 2020
- No binary literals in fixed error messages
- Fix auto_diag > 2 to die when headers are used (GH#19)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2463743 - perl-Text-CSV_XS-1.62 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2463743
--------------------------------------------------------------------------------
================================================================================
radicale-3.7.2-1.el8 (FEDORA-EPEL-2026-45eb264b34)
A simple CalDAV (calendar) and CardDAV (contact) server
--------------------------------------------------------------------------------
Update Information:
Update to 3.7.2
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 29 2026 Peter Bieringer <pb(a)bieringer.de> - 3.7.2-1
- Update to 3.7.2
--------------------------------------------------------------------------------
The following Fedora EPEL 10.1 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-b07e7294a0 lemonldap-ng-2.22.3-1.el10_1
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-87bd2ef01e openbao-2.5.3-1.el10_1
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-401e78e90b perl-CryptX-0.088-2.el10_1
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-74491d040c pdns-5.0.4-1.el10_1
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-479c1d4133 mbedtls-3.6.6-1.el10_1
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-a534b99d27 openvpn-2.7.3-1.el10_1
The following builds have been pushed to Fedora EPEL 10.1 updates-testing
pie-1.4.2-1.el10_1
python-python-multipart-0.0.27-1.el10_1
Details about builds:
================================================================================
pie-1.4.2-1.el10_1 (FEDORA-EPEL-2026-324c1bdc2d)
PHP Installer for Extensions
--------------------------------------------------------------------------------
Update Information:
Version 1.4.2
prevent pre-packaged-binary from being used when configure options are passed
thanks to @asgrim
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 25 2026 Remi Collet <remi(a)remirepo.net> - 1.4.2-1
- update to 1.4.2
--------------------------------------------------------------------------------
================================================================================
python-python-multipart-0.0.27-1.el10_1 (FEDORA-EPEL-2026-a3ef1ff195)
A streaming multipart parser for Python
--------------------------------------------------------------------------------
Update Information:
0.0.27 (2026-04-27)
Add multipart header limits.
Pass parse offsets via constructors.
0.0.26 (2026-04-10)
Skip preamble before the first multipart boundary more efficiently.
Silently discard epilogue data after the closing multipart boundary
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2026 Packit <hello(a)packit.dev> - 0.0.27-1
- Update to 0.0.27 upstream release
- Resolves: rhbz#2463212
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2463212 - python-python-multipart-0.0.27 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2463212
--------------------------------------------------------------------------------
The following Fedora EPEL 10.3 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-146c20fe60 ngtcp2-1.22.1-1.el10_3
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-a5d0ca57c2 nuclei-3.8.0-1.el10_3
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-199eec0272 lemonldap-ng-2.22.3-1.el10_3
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-07f2d57b32 botan3-3.9.0-4.el10_3
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-775ee5b1af openbao-2.5.3-1.el10_3
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-cd38d25ce0 rust-rustls-webpki-0.103.13-1.el10_3
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-4deb1b7241 glow-2.1.2-1.el10_3
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-73102895f0 rust-openssl-0.10.78-1.el10_3 rust-openssl-sys-0.9.114-1.el10_3
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-71cdc386ed perl-CryptX-0.088-2.el10_3
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-c519ad7ae2 pdns-5.0.4-1.el10_3
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-59a9d512a4 mbedtls-3.6.6-1.el10_3
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-5560315e97 openvpn-2.7.3-1.el10_3
The following builds have been pushed to Fedora EPEL 10.3 updates-testing
GitPython-3.1.48-1.el10_3
libxchange-1.1.2-1.el10_3
perl-DateTime-TimeZone-2.68-1.el10_3
php-pecl-mongodb2-2.3.0-1.el10_3
pie-1.4.2-1.el10_3
python-openstackclient-9.0.0-3.el10_3
python-python-multipart-0.0.27-1.el10_3
Details about builds:
================================================================================
GitPython-3.1.48-1.el10_3 (FEDORA-EPEL-2026-c915864ece)
Python Git Library
--------------------------------------------------------------------------------
Update Information:
Fixes security defects GHSA-rpm5-65cw-6hj4, GHSA-x2qx-6953-8485, and
GHSA-7545-fcxq-7j24.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2026 Benjamin A. Beasley <code(a)musicinmybrain.net> - 3.1.48-1
- Update to 3.1.48; closes RHBZ#2460480, fixes GHSA-rpm5-65cw-6hj4,
fixes GHSA-x2qx-6953-8485, and fixes GHSA-7545-fcxq-7j24
* Fri Jan 16 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.46-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.46-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2460480 - GitPython-3.1.48 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2460480
--------------------------------------------------------------------------------
================================================================================
libxchange-1.1.2-1.el10_3 (FEDORA-EPEL-2026-f49a26725f)
Structured data representation and JSON support for C/C++
--------------------------------------------------------------------------------
Update Information:
Update to upstream v1.1.2
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2026 Attila Kovacs <attipaci(a)gmail.com> - 1.1.2-1
- Update to upstream v1.1.2
--------------------------------------------------------------------------------
================================================================================
perl-DateTime-TimeZone-2.68-1.el10_3 (FEDORA-EPEL-2026-eb6f14e2a0)
Time zone object base class and factory
--------------------------------------------------------------------------------
Update Information:
2.68 - This release is based on version 2026b of the Olson database. This
release includes contemporary changes for British Columbia, CA.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2026 Jitka Plesnikova <jplesnik(a)redhat.com> - 2.68-1
- 2.68 bump (2026b Olson database) - rhbz#2461242
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2461242 - perl-DateTime-TimeZone-2.68 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2461242
--------------------------------------------------------------------------------
================================================================================
php-pecl-mongodb2-2.3.0-1.el10_3 (FEDORA-EPEL-2026-1780a88c07)
MongoDB driver for PHP version 2
--------------------------------------------------------------------------------
Update Information:
Version 2.3.0
Release Highlights
Added support for MongoDB's Intelligent Workload Management (IWM) and ingress
connection rate limiting features. The driver now gracefully handles write-
blocking scenarios and optimizes connection establishment during high-load
conditions to maintain application availability.
Supported on all commands.
Custom application retry logic may need to be adjusted to avoid retrying too
long.
Upgrade is recommended to avoid impacts of server changes related to overload
errors.
If not upgrading, custom application retry logic may need to be adjusted to
handle higher rates of overload errors. See Overload Errors.
Add URI option maxAdaptiveRetries to configure the maximum number of retries for
operations that fail with a SystemOverloadedError (default: 2).
Add URI option enableOverloadRetargeting to control whether retries of
SystemOverloadedError will attempt to use a different server (default: false).
Add typed, read-only properties for value objects and events (not BSON)
Base64 encode binary data when debugging
Deprecate hedge option in ReadPreference
Require non-null namespace and database arguments in Manager
Fix cloning Javascript objects without a scope
Out-of-source build: Don't necessarily generate files in the source tree by
@vector-of-bool
Avoid string length calculations for bson_append calls
A complete list of resolved issues in this release may be found in JIRA.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2026 Remi Collet <remi(a)remirepo.net> - 2.3.0-1
- update to 2.3.0
- raise dependency on libmongoc 2.3.0 and libmongocrypt 1.17.3
- drop pear/pecl dependency
- sources from github
--------------------------------------------------------------------------------
================================================================================
pie-1.4.2-1.el10_3 (FEDORA-EPEL-2026-3da6d7bf7e)
PHP Installer for Extensions
--------------------------------------------------------------------------------
Update Information:
Version 1.4.2
prevent pre-packaged-binary from being used when configure options are passed
thanks to @asgrim
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 25 2026 Remi Collet <remi(a)remirepo.net> - 1.4.2-1
- update to 1.4.2
--------------------------------------------------------------------------------
================================================================================
python-openstackclient-9.0.0-3.el10_3 (FEDORA-EPEL-2026-5421bc1f5e)
OpenStack Command-line Client
--------------------------------------------------------------------------------
Update Information:
No longer creates an unmanaged file in /etc/bash-completion.d
Introduces a timer and service.
openstack-completion.timer
openstack-completion.service
To maintain bash completion files dependent on which packages are installed.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2026 Steve Traylen <steve.traylen(a)cern.ch> - 9.0.0-3
- Add openstack-completion.service
- Build docs for available clients
--------------------------------------------------------------------------------
================================================================================
python-python-multipart-0.0.27-1.el10_3 (FEDORA-EPEL-2026-7652612632)
A streaming multipart parser for Python
--------------------------------------------------------------------------------
Update Information:
0.0.27 (2026-04-27)
Add multipart header limits.
Pass parse offsets via constructors.
0.0.26 (2026-04-10)
Skip preamble before the first multipart boundary more efficiently.
Silently discard epilogue data after the closing multipart boundary
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2026 Packit <hello(a)packit.dev> - 0.0.27-1
- Update to 0.0.27 upstream release
- Resolves: rhbz#2463212
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2463212 - python-python-multipart-0.0.27 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2463212
--------------------------------------------------------------------------------