The following Fedora EPEL 9 Security updates need testing:
Age URL
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-1e3b2a7b2f
libtommath-1.2.0-10.el9
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-d9153eda95
salt-3005.2-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
aspell-ta-20040424-31.el9
borgbackup-1.2.6-1.el9
dnsdist-1.8.1-1.el9
gpsd-epel-3.23.1-2.el9
packit-0.80.0-1.el9
python-brukerapi-0.1.9-2.el9
python-ogr-0.46.0-1.el9
python-userpath-1.9.1-1.el9
Details about builds:
================================================================================
aspell-ta-20040424-31.el9 (FEDORA-EPEL-2023-8edda5c1d1)
GNU Aspell Tamil Dictionary Package
--------------------------------------------------------------------------------
Update Information:
Initial epel9 package
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> -
20040424-31
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Jun 30 2023 Parag Nemade <pnemade AT fedoraproject DOT org> - 20040424-30
- Resolves:rhbz#2218586 - Add deprecated() as aspell package is deprecated from F39
- Migrate to SPDX license expression
* Wed Jan 18 2023 Fedora Release Engineering <releng(a)fedoraproject.org> -
20040424-29
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Jul 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> -
20040424-28
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Jan 19 2022 Fedora Release Engineering <releng(a)fedoraproject.org> -
20040424-27
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Jul 21 2021 Fedora Release Engineering <releng(a)fedoraproject.org> -
20040424-26
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2178787 - Please branch and build aspell-ta in epel9
https://bugzilla.redhat.com/show_bug.cgi?id=2178787
--------------------------------------------------------------------------------
================================================================================
borgbackup-1.2.6-1.el9 (FEDORA-EPEL-2023-d7c164b6bb)
A deduplicating backup program with compression and authenticated encryption
--------------------------------------------------------------------------------
Update Information:
fix for CVE-2023-36811: spoofed archive leads to data loss Please note that
starting with borgbackup 1.2.5 all borg repos must use TAM authentication:
https://github.com/borgbackup/borg/blob/1.2.6/docs/changes.rst#pre-125-ar...
spoofing-vulnerability-cve-2023-36811
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 5 2023 Felix Schwarz <fschwarz(a)fedoraproject.org> - 1.2.6-1
- update to 1.2.6 to fix CVE-2023-36811
- rely on auto-generated version requirement for msgpack
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2236304 - CVE-2023-36811 borgbackup: spoofed archive leads to data loss
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2236304
--------------------------------------------------------------------------------
================================================================================
dnsdist-1.8.1-1.el9 (FEDORA-EPEL-2023-f26e7543e7)
Highly DNS-, DoS- and abuse-aware loadbalancer
--------------------------------------------------------------------------------
Update Information:
Uppdate to 1.8.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 8 2023 Sander Hoentjen <shoentjen(a)antagonist.nl> - 1.8.1-1
- Update to 1.8.1 (#2183113)
* Wed Jul 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.8.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Mar 30 2023 Sander Hoentjen <sander(a)hoentjen.eu> - 1.8.0-2
- Fix specfile error
* Thu Mar 30 2023 Sander Hoentjen <sander(a)hoentjen.eu> - 1.8.0-1
- Update to 1.8.0 (#2128188)
* Mon Feb 20 2023 Sander Hoentjen <sander(a)hoentjen.eu> - 1.7.3-3
- add patch for missing includes
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.7.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2171471 - dnsdist: FTBFS in Fedora rawhide/f38
https://bugzilla.redhat.com/show_bug.cgi?id=2171471
[ 2 ] Bug #2183113 - dnsdist-1.8.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2183113
--------------------------------------------------------------------------------
================================================================================
gpsd-epel-3.23.1-2.el9 (FEDORA-EPEL-2023-a2c2f5f191)
Service daemon for mediating access to a GPS
--------------------------------------------------------------------------------
Update Information:
Convert EPEL9 gpsd to gpsd-epel with just gpsd-libs, gpsd-devel and python3-gpsd
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 8 2023 Troy Dawson <tdawson(a)redhat.com> - 1:3.23.1-2
- Convert EPEL9 gpsd to gpsd-epel with just gpsd-libs, gpsd-devel and python3-gpsd
* Mon Sep 27 2021 Miroslav Lichvar <mlichvar(a)redhat.com> - 1:3.23.1-1
- update to 3.23.1
- add old status names to gps.h for compatibility
--------------------------------------------------------------------------------
================================================================================
packit-0.80.0-1.el9 (FEDORA-EPEL-2023-3217d88afc)
A tool for integrating upstream projects with Fedora operating system
--------------------------------------------------------------------------------
Update Information:
Automatic update for packit-0.80.0-1.el9. ##### **Changelog for packit** ``` *
Fri Sep 08 2023 Packit <hello(a)packit.dev> - 0.80.0-1 - Packit CLI now provides a
new command `pull-from-upstream`, offering the same functionality as `propose-
downstream` but suited for usage from the dist-git repository with Packit
configuration placed there. This was primarily added to help reproduce the
behaviour of the service's [pull_from_upstream
job](https://packit.dev/docs/configuration/downstream/pull_from_upstream).
(#2063) - Packit now exposes `PACKIT_PACKAGE_NAME`,
`PACKIT_UPSTREAM_PACKAGE_NAME` and `PACKIT_DOWNSTREAM_PACKAGE_NAME` environment
variables to all actions. (#2061) - We have fixed a bug in `packit source-git
init` caused by changed behaviour in a newer version of rpmbuild. (#2048) ```
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 8 2023 Packit <hello(a)packit.dev> - 0.80.0-1
- Packit CLI now provides a new command `pull-from-upstream`, offering the same
functionality as `propose-downstream` but suited for usage from the dist-git repository
with Packit configuration placed there. This was primarily added to help reproduce the
behaviour of the service's [pull_from_upstream
job](https://packit.dev/docs/configuration/downstream/pull_from_upstream). (#2063)
- Packit now exposes `PACKIT_PACKAGE_NAME`, `PACKIT_UPSTREAM_PACKAGE_NAME` and
`PACKIT_DOWNSTREAM_PACKAGE_NAME` environment variables to all actions. (#2061)
- We have fixed a bug in `packit source-git init` caused by changed behaviour in a newer
version of rpmbuild. (#2048)
--------------------------------------------------------------------------------
================================================================================
python-brukerapi-0.1.9-2.el9 (FEDORA-EPEL-2023-9c1819e640)
Python package providing I/O interface for Bruker data sets
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 7 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.1.9-2
- Patch to explicitly distribute brukerapi.config
- Fixes a warning from setuptools about ambiguous configuration
* Thu Sep 7 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.1.9-1
- Initial package (close RHBZ#2235132)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2235132 - Review Request: python-brukerapi - Python package providing I/O
interface for Bruker data sets
https://bugzilla.redhat.com/show_bug.cgi?id=2235132
--------------------------------------------------------------------------------
================================================================================
python-ogr-0.46.0-1.el9 (FEDORA-EPEL-2023-b03452be33)
One API for multiple git forges
--------------------------------------------------------------------------------
Update Information:
Automatic update for python-ogr-0.46.0-1.el9. ##### **Changelog for python-
ogr** ``` * Fri Sep 08 2023 Packit <hello(a)packit.dev> - 0.46.0-1 - We have
fixed a bug in `get_fork` method for Pagure about checking the usernames for a
match when going through existing forks. (#800) ```
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 8 2023 Packit <hello(a)packit.dev> - 0.46.0-1
- We have fixed a bug in `get_fork` method for Pagure about checking the usernames for a
match when going through existing forks. (#800)
--------------------------------------------------------------------------------
================================================================================
python-userpath-1.9.1-1.el9 (FEDORA-EPEL-2023-c772fbbbf8)
Cross-platform tool for adding locations to the user PATH
--------------------------------------------------------------------------------
Update Information:
Update to 1.9.1: Temporarily revert the change on non-Windows systems where only
login shells are modified
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 8 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.9.1-1
- Update to 1.9.1 (close RHBZ#2237836)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2237836 - python-userpath-1.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2237836
--------------------------------------------------------------------------------