The following Fedora EPEL 9 Security updates need testing:
Age URL
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-b837bf60e1
ffmpeg-5.1.3-1.el9
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-bc7379a215
chromium-111.0.5563.146-1.el9
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-911b83cb42
netatalk-3.1.14-3.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
certbot-2.5.0-1.el9
imhex-1.28.0-1.el9
inxi-3.3.26-1.el9
javacc-7.0.12-1.el9
pdns-4.7.3-1.el9
pdns-recursor-4.8.4-1.el9
perl-Time-Duration-Parse-0.16-7.el9
php-smbclient-1.1.0-1.el9
python-opentelemetry-1.12.0-5.el9
zabbix-6.0.15-1.el9
zchunk-1.3.1-1.el9
Details about builds:
================================================================================
certbot-2.5.0-1.el9 (FEDORA-EPEL-2023-e2adce7cb6)
A free, automated certificate authority client
--------------------------------------------------------------------------------
Update Information:
update to 2.5.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 4 2023 Jonathan Wright <jonathan(a)almalinux.org> - 2.5.0-1
- Update to 2.5.0 rhbz#2155209
* Thu Mar 30 2023 Jerry James <loganjerry(a)gmail.com> - 2.2.0-3
- Change fontawesome-fonts R to match fontawesome 4.x
* Thu Mar 30 2023 Jonathan Wright <jonathan(a)almalinux.org> - 2.2.0-2
- add reminder about certbot-renew.timer during install
--------------------------------------------------------------------------------
================================================================================
imhex-1.28.0-1.el9 (FEDORA-EPEL-2023-39fde3b8ae)
A hex editor for reverse engineers and programmers
--------------------------------------------------------------------------------
Update Information:
update to 1.28.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 4 2023 Jonathan Wright <jonathan(a)almalinux.org> - 1.28.0-1
- update to 1.28.0 rhbz#2184379
* Fri Mar 31 2023 Jonathan Wright <jonathan(a)almalinux.org> - 1.27.1-3
- rebuild against yara 4.3
--------------------------------------------------------------------------------
================================================================================
inxi-3.3.26-1.el9 (FEDORA-EPEL-2023-3805efea97)
A full featured system information script
--------------------------------------------------------------------------------
Update Information:
Update to 3.3.26.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 3 2023 Vasiliy N. Glazov <vascom2(a)gmail.com> - 3.3.26-1
- Update to 3.3.26
* Sat Mar 11 2023 Fabio Valentini <decathorpe(a)gmail.com> - 3.3.25-2
- Rebuild for
https://pagure.io/releng/issue/11327
--------------------------------------------------------------------------------
================================================================================
javacc-7.0.12-1.el9 (FEDORA-EPEL-2023-956ee56f3b)
A parser/scanner generator for java
--------------------------------------------------------------------------------
Update Information:
Build for EPEL9
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 1 2023 Jerry James <loganjerry(a)gmail.com> - 0:7.0.12-1
- Update to 7.0.12
- Convert License tag to SPDX
- Add bootstrap build mode
- Add patch to fix javadoc errors in the JavaCharStream template
- Add patch to remove duplicate @Deprecated annotations
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> -
0:7.0.4-14
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> -
0:7.0.4-13
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jul 8 2022 Jiri Vanek <jvanek(a)redhat.com> - 0:7.0.4-12
- Rebuilt for Drop i686 JDKs
* Sat Feb 5 2022 Jiri Vanek <jvanek(a)redhat.com> - 0:7.0.4-11
- Rebuilt for java-17-openjdk as system jdk
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> -
0:7.0.4-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0:7.0.4-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2158919 - Please branch and build javacc for EPEL 9
https://bugzilla.redhat.com/show_bug.cgi?id=2158919
--------------------------------------------------------------------------------
================================================================================
pdns-4.7.3-1.el9 (FEDORA-EPEL-2023-b2f79e5769)
A modern, advanced and high performance authoritative-only nameserver
--------------------------------------------------------------------------------
Update Information:
- Update to 4.7.3 Release notes:
https://doc.powerdns.com/authoritative/changelog/4.7.html#change-4.7.3
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 4 2023 Morten Stevens <mstevens(a)fedoraproject.org> - 4.7.3-1
- Update to 4.7.3
* Mon Feb 20 2023 Jonathan Wakely <jwakely(a)redhat.com> - 4.7.2-5
- Rebuilt for Boost 1.81
* Mon Jan 23 2023 Morten Stevens <mstevens(a)fedoraproject.org> - 4.7.2-4
- Fix missing include for gcc13
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.7.2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Nov 8 2022 Richard Shaw <hobbes1069(a)gmail.com> - 4.7.2-2
- Rebuild for yaml-cpp 0.7.0.
* Tue Nov 1 2022 Morten Stevens <mstevens(a)fedoraproject.org> - 4.7.2-1
- Update to 4.7.2
* Mon Oct 31 2022 Morten Stevens <mstevens(a)fedoraproject.org> - 4.7.1-1
- Update to 4.7.1
* Sat Oct 22 2022 Morten Stevens <mstevens(a)fedoraproject.org> - 4.7.0-1
- Update to 4.7.0
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.6.2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed May 4 2022 Thomas Rodgers <trodgers(a)redhat.com> - 4.6.2-2
- Rebuilt for Boost 1.78
--------------------------------------------------------------------------------
================================================================================
pdns-recursor-4.8.4-1.el9 (FEDORA-EPEL-2023-bb6f0bba09)
Modern, advanced and high performance recursing/non authoritative name server
--------------------------------------------------------------------------------
Update Information:
- Update to 4.8.4 Release notes:
https://doc.powerdns.com/recursor/changelog/4.8.html
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 4 2023 Morten Stevens <mstevens(a)fedoraproject.org> - 4.8.4-1
- Update to 4.8.4
* Mon Feb 20 2023 Jonathan Wakely <jwakely(a)redhat.com> - 4.7.2-3
- Rebuilt for Boost 1.81
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.7.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2069403 - CVE-2022-27227 pdns-recursor: pdns,pdns-recursor: Incomplete zone
transfers handled as successful [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2069403
[ 2 ] Bug #2120865 - CVE-2022-37428 pdns-recursor: DoS when protobuf logging is enabled
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2120865
[ 3 ] Bug #2182851 - CVE-2023-26437 pdns-recursor: Deterred spoofing attempts can lead
to authoritative servers being marked unavailable [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2182851
--------------------------------------------------------------------------------
================================================================================
perl-Time-Duration-Parse-0.16-7.el9 (FEDORA-EPEL-2023-902760505a)
Parse string that represents time duration
--------------------------------------------------------------------------------
Update Information:
This package contains the Perl module Time::Duration::Parse, a module to parse
human readable duration strings like 2 minutes and 3 seconds to seconds.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.16-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Nov 30 2022 Ralf Cors��pius <corsepiu(a)fedoraproject.org> - 0.16-6
- Convert license to SPDX.
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.16-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue May 31 2022 Jitka Plesnikova <jplesnik(a)redhat.com> - 0.16-4
- Perl 5.36 rebuild
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.16-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.16-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Jun 21 2021 Ralf Cors��pius <corsepiu(a)fedoraproject.org> - 0.16-1
- Upstream update.
- Modernize spec.
* Fri May 21 2021 Jitka Plesnikova <jplesnik(a)redhat.com> - 0.15-8
- Perl 5.34 rebuild
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.15-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2183882 - Adding perl-Time-Duration-Parse to EPEL9
https://bugzilla.redhat.com/show_bug.cgi?id=2183882
--------------------------------------------------------------------------------
================================================================================
php-smbclient-1.1.0-1.el9 (FEDORA-EPEL-2023-44cbffd1a4)
PHP wrapper for libsmbclient
--------------------------------------------------------------------------------
Update Information:
**Version 1.1.0** * PHP 8 readiness, by Remi. ---- **Version 1.0.7** *
xattr fix by Remi. --- **Additional fix:** * add workaround for regression
in libsmbclient 4.16.9/4.17.5
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 4 2023 Remi Collet <remi(a)remirepo.net> - 1.1.0-1
- update to 1.1.0
- add workaround for regression in libsmbclient 4.16.9/4.17.5
from
https://github.com/eduardok/libsmbclient-php/pull/100
- use SPDX license ID
--------------------------------------------------------------------------------
================================================================================
python-opentelemetry-1.12.0-5.el9 (FEDORA-EPEL-2023-77dea30e74)
OpenTelemetry Python API and SDK
--------------------------------------------------------------------------------
Update Information:
Backport backoff v2 compat. fix from v1.14.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 4 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.12.0-5
- Backport backoff v2 compat. fix from v1.14.0
* Tue Apr 4 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.12.0-4
- Don���t assume %_smp_mflags is -j%_smp_build_ncpus
* Tue Apr 4 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.12.0-3
- Add trailing slashes to directories in files sections
* Tue Apr 4 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> - 1.12.0-2
- Drop default -r argument to pyproject_buildrequires
--------------------------------------------------------------------------------
================================================================================
zabbix-6.0.15-1.el9 (FEDORA-EPEL-2023-6d7621f86e)
Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:
- Update to 6.0.15 Release notes:
https://www.zabbix.com/de/rn/rn6.0.15
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 4 2023 Morten Stevens <mstevens(a)fedoraproject.org> - 1:6.0.15-1
- Update to 6.0.15
--------------------------------------------------------------------------------
================================================================================
zchunk-1.3.1-1.el9 (FEDORA-EPEL-2023-0ff8a4bc32)
Compressed file format that allows easy deltas
--------------------------------------------------------------------------------
Update Information:
Fix several low severity security bugs.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 4 2023 Jonathan Dieter <jdieter(a)gmail.com> - 1.3.1-1
- Fix a few low severity security bugs including
- An off-by-one overflow when reading compressed integers from a
malicious zchunk file
- Error handling being skipped when the number of bytes read doesn't
match what's expected
- Not freeing memory when attempting to reallocate to size 0
--------------------------------------------------------------------------------