The following Fedora EPEL 9 Security updates need testing: Age URL 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-aafd7b2092 stb-0^20230129git5736b15-0.2.el9 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-06f86f0ae3 radare2-5.8.2-2.el9

The following builds have been pushed to Fedora EPEL 9 updates-testing

caddy-2.4.6-6.el9 centpkg-0.7.1-1.el9 chromium-110.0.5481.177-1.el9 fedpkg-1.44-2.el9 mrack-1.13.3-1.el9 python-asyncmy-0.2.5-6.el9 rpkg-1.66-3.el9 rust-bytemuck-1.13.1-1.el9 rust-tokio-1.26.0-1.el9 tkrzw-1.0.26-1.el9

Details about builds:

================================================================================ caddy-2.4.6-6.el9 (FEDORA-EPEL-2023-0d642b2dde) Web server with automatic HTTPS -------------------------------------------------------------------------------- Update Information:

Backport of upstream fix for CVE-2022-29718. -------------------------------------------------------------------------------- ChangeLog:

* Wed Mar 1 2023 Carl George carl@george.computer - 2.4.6-6 - Backport of upstream fix for CVE-2022-29718 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2163599 - CVE-2022-29718 caddy: unauthenticated open redirect vulnerability [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2163599 --------------------------------------------------------------------------------

================================================================================ centpkg-0.7.1-1.el9 (FEDORA-EPEL-2023-38f618e077) CentOS utility for working with dist-git -------------------------------------------------------------------------------- Update Information:

Latest upstream -------------------------------------------------------------------------------- ChangeLog:

* Wed Mar 1 2023 Troy Dawson tdawson@redhat.com - 0.7.1-1 - Latest upstream * Tue Feb 28 2023 Troy Dawson tdawson@redhat.com - 0.7.0-1 - Latest upstream - adds --rhel-target feature * Wed Jan 18 2023 Fedora Release Engineering releng@fedoraproject.org - 0.6.9-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild --------------------------------------------------------------------------------

================================================================================ chromium-110.0.5481.177-1.el9 (FEDORA-EPEL-2023-204d0fc951) A WebKit (Blink) powered web browser that Google doesn't want you to use -------------------------------------------------------------------------------- Update Information:

update to 110.0.5481.177. Fixes the following security issues: CVE-2023-0927 CVE-2023-0928 CVE-2023-0929 CVE-2023-0930 CVE-2023-0931 CVE-2023-0932 CVE-2023-0933 CVE-2023-0941 -------------------------------------------------------------------------------- ChangeLog:

* Thu Feb 23 2023 Than Ngo than@redhat.com - 110.0.5481.177-1 - update to 110.0.5481.177 - workaround for crash on aarch64, rhel8 * Wed Feb 22 2023 Jan Grulich jgrulich@redhat.com - 110.0.5481.100-3 - Enable PipeWire screen sharing on RHEL8+ * Tue Feb 21 2023 Than Ngo than@redhat.com - 110.0.5481.100-2 - fixed bz#2036205, failed to load GLES library --------------------------------------------------------------------------------

================================================================================ fedpkg-1.44-2.el9 (FEDORA-EPEL-2023-e96b7daa8c) Fedora utility for working with dist-git -------------------------------------------------------------------------------- Update Information:

A new release presents these changes: * https://docs.pagure.org/fedpkg/releases/1.44.html * https://docs.pagure.org/rpkg/releases/1.66.html +Patch https://bodhi.fedoraproject.org/updates/FEDORA-2023-e7db0e991f -------------------------------------------------------------------------------- ChangeLog:

* Wed Mar 1 2023 Ond��ej Nosek onosek@redhat.com - 1.44-2 - Require a bumped rpkg version * Mon Feb 20 2023 Ond��ej Nosek onosek@redhat.com - 1.44-1 - Do not execute unittests for old bodhi-client (onosek) - New command `disable-monitoring` (onosek) - Set default_branch_merge to 'rawhide' (otto.liljalaakso) - `fedpkg update`: can handle $EDITOR with arguments - #492 (onosek) - Add Jenkinsfile for CI (onosek) * Mon Jan 30 2023 Miro Hron��ok mhroncok@redhat.com - 1.43-3 - Rebuilt to change Python shebangs to /usr/bin/python3.6 on EPEL 8 * Thu Jan 19 2023 Fedora Release Engineering releng@fedoraproject.org - 1.43-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild --------------------------------------------------------------------------------

================================================================================ mrack-1.13.3-1.el9 (FEDORA-EPEL-2023-3d3cd7316d) Multicloud use-case based multihost async provisioner -------------------------------------------------------------------------------- Update Information:

Automatic update for mrack-1.13.3-1.el9. ##### **Changelog for mrack** ``` * Wed Mar 01 2023 Tibor Dudl��k tdudlak@redhat.com - 1.13.3-1 - 0f62237 fix(OpenStack): await loading limits to not break provisioning (Tibor Dudl��k) * Wed Mar 01 2023 Tibor Dudl��k tdudlak@redhat.com - 1.13.2-1 - 06f18d1 fix: Use get method when host error object is a dictionary (Tibor Dudl��k) - fd33d68 fix(Beaker): rerurn common dictionary when validation fails (Tibor Dudl��k) - b6c5ef4 fix(OpenStack): Add exception parameter when validation fails (Tibor Dudl��k) - fa2c779 fix(OpenStack): load limits properly by one method (Tibor Dudl��k) - 61e515f chore: change back mrack dist release to 1 (Tibor Dudl��k) ``` -------------------------------------------------------------------------------- ChangeLog:

* Wed Mar 1 2023 Tibor Dudl��k tdudlak@redhat.com - 1.13.3-1 - 0f62237 fix(OpenStack): await loading limits to not break provisioning (Tibor Dudl��k) * Wed Mar 1 2023 Tibor Dudl��k tdudlak@redhat.com - 1.13.2-1 - 06f18d1 fix: Use get method when host error object is a dictionary (Tibor Dudl��k) - fd33d68 fix(Beaker): rerurn common dictionary when validation fails (Tibor Dudl��k) - b6c5ef4 fix(OpenStack): Add exception parameter when validation fails (Tibor Dudl��k) - fa2c779 fix(OpenStack): load limits properly by one method (Tibor Dudl��k) - 61e515f chore: change back mrack dist release to 1 (Tibor Dudl��k) --------------------------------------------------------------------------------

================================================================================ python-asyncmy-0.2.5-6.el9 (FEDORA-EPEL-2023-6dbf30131d) A fast asyncio MySQL/MariaDB driver -------------------------------------------------------------------------------- Update Information:

Update License to SPDX; improve mariadb server startup in build-time tests -------------------------------------------------------------------------------- ChangeLog:

* Tue Feb 28 2023 Benjamin A. Beasley code@musicinmybrain.net - 0.2.5-6 - Drop default argument -r from pyproject_buildrequires * Tue Feb 28 2023 Benjamin A. Beasley code@musicinmybrain.net - 0.2.5-5 - Fix MySQL/mariadb test server startup * Tue Feb 28 2023 Benjamin A. Beasley code@musicinmybrain.net - 0.2.5-4 - Update License to SPDX --------------------------------------------------------------------------------

================================================================================ rpkg-1.66-3.el9 (FEDORA-EPEL-2023-e96b7daa8c) Python library for interacting with rpm+git -------------------------------------------------------------------------------- Update Information:

A new release presents these changes: * https://docs.pagure.org/fedpkg/releases/1.44.html * https://docs.pagure.org/rpkg/releases/1.66.html +Patch https://bodhi.fedoraproject.org/updates/FEDORA-2023-e7db0e991f -------------------------------------------------------------------------------- ChangeLog:

* Wed Mar 1 2023 Ond��ej Nosek onosek@redhat.com - 1.66-3 - Patch: Process source URLs with fragment in pre-push hook - Patch: container-build: update --signing-intent help for OSBS 2 * Tue Feb 21 2023 Ond��ej Nosek onosek@redhat.com - 1.66-2 - rebuild for unification of all branches * Mon Feb 20 2023 Ond��ej Nosek onosek@redhat.com - 1.66-1 - container-build: document --compose-ids overrides any new composes (kdreyer) - Use srpm when scratch-building from dirty repo - #652 (otto.liljalaakso) - Code cleanup in tests/test_cli.py (otto.liljalaakso) - Reduce indentation in assert_build helper (otto.liljalaakso) - Allow empty commits - 494 (msuchy) - Allow forcing download of all sources - #650 (otto.liljalaakso) - Add test case for not downloading unused sources (otto.liljalaakso) - Support 'results_dir=subdir' when building from srpm - #648 (otto.liljalaakso) - Use local branch name as release when there is no remote (otto.liljalaakso) - Allow downstreams to define a default release (otto.liljalaakso) - Switch load_branch_merge to use multiple return (otto.liljalaakso) - Unittests for 'git push' hook script (onosek) - Checking a repo configuration before 'git push' with a git hook script - 491 (onosek) - Fix skipping NVR check with autorelease (nils) - pyrpkg.spec.SpecFile: More lenient parser for Source/Patch lines (fweimer) - Fix URL in CHANGELOG.rst (tmz) - Add Jenkinsfile for CI (onosek) - mockbuild: escape rpm command under mock - rhbz#2130349 (onosek) - Fixes for exploded SRPM layouts - #633 (tdawson) - `fedpkg local` does not show rpmbuild output - rhbz#2124809 (onosek) --------------------------------------------------------------------------------

================================================================================ rust-bytemuck-1.13.1-1.el9 (FEDORA-EPEL-2023-25af129bba) Crate for mucking around with piles of bytes -------------------------------------------------------------------------------- Update Information:

Update to version 1.13.1. -------------------------------------------------------------------------------- ChangeLog:

* Wed Mar 1 2023 Fabio Valentini decathorpe@gmail.com - 1.13.1-1 - Update to version 1.13.1; Fixes RHBZ#2174225 --------------------------------------------------------------------------------

================================================================================ rust-tokio-1.26.0-1.el9 (FEDORA-EPEL-2023-2fd3e45030) Event-driven, non-blocking I/O platform -------------------------------------------------------------------------------- Update Information:

Update to version 1.26.0. -------------------------------------------------------------------------------- ChangeLog:

* Wed Mar 1 2023 Fabio Valentini decathorpe@gmail.com - 1.26.0-1 - Update to version 1.26.0; Fixes RHBZ#2174594 --------------------------------------------------------------------------------

================================================================================ tkrzw-1.0.26-1.el9 (FEDORA-EPEL-2023-46f1f2120a) A straightforward implementation of DBM -------------------------------------------------------------------------------- Update Information:

Version bump ---- Version bump -------------------------------------------------------------------------------- ChangeLog:

* Wed Mar 1 2023 TI_Eugene ti.eugene@gmail.com - 1.0.26-1 - Version bump * Tue Feb 28 2023 TI_Eugene ti.eugene@gmail.com - 1.0.25-1 - Version bump * Sat Jan 21 2023 Fedora Release Engineering releng@fedoraproject.org - 1.0.24-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Sat Jul 23 2022 Fedora Release Engineering releng@fedoraproject.org - 1.0.24-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild --------------------------------------------------------------------------------