The following Fedora EPEL 9 Security updates need testing:
Age URL
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-de31cb6120
perl-HTML-StripScripts-1.06-22.el9
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-a1ed86449c
syncthing-1.23.5-1.el9
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-e6d2f056c2
radare2-5.8.6-1.el9
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-5b8cf596eb
chromium-114.0.5735.106-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
libmd-1.1.0-1.el9
php-theseer-autoload-1.28.0-1.el9
python-events-0.4-1.el9
rust-phf0.8-0.8.0-4.el9
rust-phf_macros0.8-0.8.0-4.el9
rust-phf_shared0.8-0.8.0-4.el9
trafficserver-9.2.1-1.el9
unrealircd-6.1.1-1.el9
whichfont-1.0.6-1.el9
Details about builds:
================================================================================
libmd-1.1.0-1.el9 (FEDORA-EPEL-2023-47fce34296)
Library that provides message digest functions from BSD systems
--------------------------------------------------------------------------------
Update Information:
# libmd 1.1.0 * man: Add new libmd(7) man page * doc: Move mailing list
reference to the end * build: Fix version script linker support detection *
build: Fix `configure.ac` indentation * build: Require automake 1.11 *
build: Rename `libmd_alias()` to `libmd_strong_alias()` * Remove unused
`<assert.h>` * Sync MD2 changes from NetBSD * Sync MD4 changes from OpenBSD
* Sync MD5 changes from OpenBSD * Sync RMD160 changes from OpenBSD * Sync
SHA1 changes from OpenBSD * Sync SHA2 changes from OpenBSD * test: Add a new
`test_eq()` helper function * test: Add cases for SHA224 and SHA512-256 *
build: Terminate lists in variables with `# EOL`
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 14 2023 Robert Scheck <robert(a)fedoraproject.org> 1.1.0-1
- Upgrade to 1.1.0 (#2214865)
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.4-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2214865 - libmd-1.1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2214865
--------------------------------------------------------------------------------
================================================================================
php-theseer-autoload-1.28.0-1.el9 (FEDORA-EPEL-2023-1f1e5d729d)
A tool and library to generate autoload code
--------------------------------------------------------------------------------
Update Information:
**Release 1.28.0** * Add support for composer's `vendor-dir` setting when
building autoloader based on composer.json and custom vendor directory location
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 14 2023 Remi Collet <remi(a)remirepo.net> - 1.28.0-1
- update to 1.28.0
--------------------------------------------------------------------------------
================================================================================
python-events-0.4-1.el9 (FEDORA-EPEL-2023-85aa220394)
Bringing the elegance of C# EventHandler to Python
--------------------------------------------------------------------------------
Update Information:
Forking for epel 9
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 9 2022 David Hannequin <david.hannequin(a)gmail.com> - 0.4-1
- Latest upstream
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3-14
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Jul 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3-13
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint <python-maint(a)redhat.com> - 0.3-12
- Rebuilt for Python 3.10
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3-11
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue May 26 2020 Miro Hron��ok <mhroncok(a)redhat.com> - 0.3-9
- Rebuilt for Python 3.9
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2192966 - Please branch and build python-events in epel9
https://bugzilla.redhat.com/show_bug.cgi?id=2192966
--------------------------------------------------------------------------------
================================================================================
rust-phf0.8-0.8.0-4.el9 (FEDORA-EPEL-2023-d2b3227e51)
Runtime support for perfect hash function data structures
--------------------------------------------------------------------------------
Update Information:
Update another batch of Rust packages for the latest Rust spec template from
rust2rpm v24. These packages also included fixes to update their license tags
and / or add missing license files from upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 14 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.8.0-4
- Regenerate with rust2rpm v24 and add missing license file
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-phf_macros0.8-0.8.0-4.el9 (FEDORA-EPEL-2023-d2b3227e51)
Macros to generate types in the phf crate
--------------------------------------------------------------------------------
Update Information:
Update another batch of Rust packages for the latest Rust spec template from
rust2rpm v24. These packages also included fixes to update their license tags
and / or add missing license files from upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 14 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.8.0-4
- Regenerate with rust2rpm v24 and add missing license file
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-phf_shared0.8-0.8.0-4.el9 (FEDORA-EPEL-2023-d2b3227e51)
Support code shared by PHF libraries
--------------------------------------------------------------------------------
Update Information:
Update another batch of Rust packages for the latest Rust spec template from
rust2rpm v24. These packages also included fixes to update their license tags
and / or add missing license files from upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 14 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.8.0-4
- Regenerate with rust2rpm v24 and add missing license file
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
trafficserver-9.2.1-1.el9 (FEDORA-EPEL-2023-faf5368307)
Fast, scalable and extensible HTTP/1.1 and HTTP/2 caching proxy server
--------------------------------------------------------------------------------
Update Information:
Update to upstream 9.2.1; resolves CVE-2022-47184, CVE-2023-30631,
CVE-2023-33933
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 13 2023 Jered Floyd <jered(a)redhat.com> 9.2.1-1
- Update to upstream 9.2.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2213425 - trafficserver-9.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2213425
--------------------------------------------------------------------------------
================================================================================
unrealircd-6.1.1-1.el9 (FEDORA-EPEL-2023-02e36eafcc)
Open Source IRC server
--------------------------------------------------------------------------------
Update Information:
# UnrealIRCd 6.1.1 UnrealIRCd 6.1.1 comes with various bug fixes and
performance improvements, especially for channels with thousands of users. It
also has more options to override settings per security group, for example if
you want to give trusted users or bots more rights or higher flood rates than
regular users. All these options are now in a single [Special
users](https://www.unrealircd.org/docs/Special_users) article on the UnrealIRCd
wiki. Other notable features are better connection errors to SSL/TLS users and
a new `proxy { }` block for websocket reverse proxies. ## Enhancements * Two
new features that are conditionally on: * SSL/TLS users will now correctly
receive the error message if they are rejected due to throttling (connect-flood)
and some other situations. * DNS lookups are done before throttling. This
allows exempting a hostname from both maxperip and connect-flood restrictions.
A good example for IRCCloud would be: ``` except ban { mask
*.irccloud.com; type { maxperip; connect-flood; } } ``` * Both
features are temporarily disabled whenever a [high rate of connection
attempts](https://www.unrealircd.org/docs/FAQ#hi-conn-rate) is detected, to save
CPU and other resources during such an attack. The default rate is 1000 per
second, so this would be unusual to trigger accidentally. * It is now possible
to override some set settings per-security group by having a set block with a
name, like `set unknown-users { }` * You could use this to set more
limitations for unknown-users: ``` set unknown-users { max-
channels-per-user 5; static-quit "Quit"; static-part
yes; } ``` * Or to set higher values (higher than the normal set
block) for trusted users: ``` security-group trusted-bots {
account { BotOne; BotTwo; } } set trusted-bots { max-
channels-per-user 25; } ``` * Currently the following settings can be
used in a `set xxx { }` block: `set::auto-join`, `set::modes-on-connect`,
`set::restrict-usermodes`, `set::max-channels-per-user`, `set::static-quit`,
`set::static-part.` * See also [Special
users](https://www.unrealircd.org/docs/Special_users) in the documentation for
applying settings to a security groups. * New [`proxy { }`
block](https://www.unrealircd.org/docs/Proxy_block) that can be used for
spoofing IP addresses when: * Reverse proxying websocket connections (eg. via
NGINX, a load balancer or other reverse proxy) * WEBIRC/CGI:IRC gateways. This
will replace the old `webirc { }` block in the future, though the old one will
still work for now. * New setting [`set::handshake-boot-
delay`](https://www.unrealircd.org/docs/Set_block#set%3A%3Ahandshake-boot...
which allows server linking autoconnects to kick in (and incoming servers on
serversonly ports), before allowing clients in. This potentially avoids part of
the mess when initially linking on-boot. This option is not turned on by
default, you have to set it explicitly. * This is not a useful feature on
hubs, as they don't have clients. * It can be useful on client servers, if you
`autoconnect` to your hub. * If you connect services to a server with clients
this can be useful as well, especially in single-server setups. You would have
to set a low `retrywait` in your anope conf (or similar services package) of
like `5s` instead of the default `60s`. Then after an IRCd restart, your
services link in before your clients and your IRC users have SASL available
straight from the start. * JSON-RPC: * New call
[`log.list`](https://www.unrealircd.org/docs/JSON-RPC:Log#log.list) to fetch
past 1000 log entries. This functionality is only loaded if you include
`rpc.modules.default.conf`, so not wasting any memory on servers that are not
used for JSON-RPC. ## Changes * [`set::topic-
setter`](https://www.unrealircd.org/docs/Set_block#set::topic-setter) and
[`set::ban-setter`](https://www.unrealircd.org/docs/Set_block#set::ban-setter)
are now by default set to `nick-user-host` instead of `nick`, so you can see the
full nick!user@host of who set the topic/ban/exempt/invex. * Some small DNS
performance improvements: * We now 'negatively cache' unresolved hosts for 60
seconds. * The maximum number of cached records (positive and negative) was
raised to 4096. * We no longer use "search domains" to avoid silly lookups
for
like `4.3.2.1.dnsbl.dronebl.org.mydomain.org`. * Data buffer chunks bumped from
512 bytes to ~4K. This results in less write calls (lower CPU usage) and more
data per TCP/IP packet. * We now cache sending of lines in `sendto_channel` via
a new "LineCache" system. It saves CPU on (very) large channels. * Several
other
performance improvements such as checking maxperip via a hash table and faster
invisibility checks for delayjoin. * Blacklist hits are now logged globally.
This means they show up in snomask `B`, are logged, and show up in the webpanel
"Logs" view. * The event `REMOTE_CLIENT_JOIN` was mass-triggered when servers
were syncing. They are now hidden, like `REMOTE_CLIENT_CONNECT`. ## Fixes *
Crash when removing a `listen { }` block for websocket or rpc (or changing the
port number) * When using the webpanel, if an IRC client tried to connect with
the same IP as the webpanel server, it would often receive the error "Too many
unknown connections". This only affected non-localhost connections. * The
[`require module`
block](https://www.unrealircd.org/docs/Require_module_block)
was only checked of one side of the link, thus partially not working. ##
Removed * [`set::maxbanlength`](https://www.unrealircd.org/docs/Set_block#set::m
axbanlength) has been removed as it was not deemed useful and only confusing to
users and admins. ## Developers and protocol * Server to server lines can now
be 16384 bytes in size when `PROTOCTL BIGLINES` is set. This will allow us to do
things more efficiently and possibly raise some other limits in the future. This
16k is the size of the complete line, including sender, message tags, content
and `\r\n`. Also, in server-to-server traffic we now allow 30 parameters
(`MAXPARA`*2). The original input size limits for non-servers remain the
same: the complete line can be 4k+512, with the non-mtag portion limit set at
512 bytes (including `\r\n`), and `MAXPARA` is still 15 as well. * In command
handlers, individual `parv[]` elements can be 510 bytes max, even if they add up
like `parv[1]` and `parv[2]` both being 510 bytes each. If you need more than
that, then you need to set the flag `CMD_BIGLINES` in `CommandAdd()`, then an
individual parameter can be near ~16k. This is so, because a lot of the code
does not expect parameters bigger than 512 bytes (but can still handle the total
of parameters being greater than 512). The new flag allows gradually opting in
commands to allow bigger parameters, after such code has been checked and
modified to handle it.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 14 2023 Robert Scheck <robert(a)fedoraproject.org> 6.1.1-1
- Upgrade to 6.1.1 (#2211354)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2211354 - unrealircd-6.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2211354
--------------------------------------------------------------------------------
================================================================================
whichfont-1.0.6-1.el9 (FEDORA-EPEL-2023-b4e40fc9f9)
Querying Fontconfig
--------------------------------------------------------------------------------
Update Information:
help section changed
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 13 2023 Sudip Shil <sshil(a)redhat.com> - 1.0.6-1
- help section changed
--------------------------------------------------------------------------------