The following Fedora EPEL 9 Security updates need testing:
Age  URL
  2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-b305ec138e   indent-2.2.13-4.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
aom-3.7.0-1.el9
composer-2.6.1-1.el9
fakeroot-1.32.1-1.el9
highway-1.0.7-1.el9
lastpass-cli-1.3.5-1.el9
lua-sec-1.3.2-1.el9
procServ-2.7.0-16.el9
python-specfile-0.22.0-1.el9
qemu-sanity-check-1.1.6-11.el9
qm-0.5.6-1.el9
racket-7.9-2.el9
resalloc-aws-1.5-1.el9
rust-temp-env-0.3.4-2.el9
syncthing-1.23.7-1.el9
tmt-1.26.1-1.el9
xrdp-0.9.23-1.el9
Details about builds:
================================================================================
aom-3.7.0-1.el9 (FEDORA-EPEL-2023-50d30d4d62)
Royalty-free next-generation video format
--------------------------------------------------------------------------------
Update Information:
Update to version 3.7.0. Release notes:
https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 1 2023 Fabio Valentini <decathorpe(a)gmail.com> - 3.7.0-1
- Update to version 3.7.0; Fixes RHBZ#2236624
* Wed Jul 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.6.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
composer-2.6.1-1.el9 (FEDORA-EPEL-2023-e0af5d2493)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 2.6.1** - 2023-09-01
* Reverted "Fixed executability of non-php binaries which are not marked executable (#11557)" which caused a regression (#11612)
----
**Version 2.6.0** - 2023-09-01
* Added audit.ignore config setting to ignore security advisories by id or CVE id (#11556, #11605)
* Added `rm` alias to the `remove` command (#11367)
* Added runtime platform check to verify the php-64bit requirement is met (#11334)
* Added platform package detection for lib-pq-libpq and lib-rdkafka-librdkafka (#11418)
* Added `--dry-run` to `dump-autoload` command to allow running --strict-psr checks without modifying the filesystem (#11608)
* Added support for `bump`ing patch level in `~1.2.3` constraints (#11590)
* Added prompt in `require` if the package name is not found but similar ones exist (#11284)
* Added support for env vars and `~` in repository paths for vcs and artifact repositories (#11453)
* Added support for local directory paths for repositories of type `composer` (#11526)
* Added links to package homepages in `why`/`why-not` command output (#11308)
* Added a `security` key to the `support` key of composer.json to set the URL to the vulnerability disclosure policy (#11271)
* Added support for gathering security advisories from multiple repositories for a single package (#11436)
* Fixed `install` and `update` exit code to be non-zero if the post-install security audit failed (#11362)
* Fixed binary proxies causing scripts inspecting `$_SERVER['SCRIPT_NAME']` to detect them, they are now more transparent (#11562)
* Fixed executability of non-php binaries which are not marked executable (#11557)
* Fixed `mtime` modification of the vendor dir to only happen when packages are modified, and not require lock file modification to happen (#11593)
* Fixed `create-project` using the wrong composer.json file if one was set via the `COMPOSER` env var (#11493)
* Fixed json editing to preserve indentation when updating json files (#11390)
* Fixed handling of broken junctions on windows (#11550)
* Fixed parsing of lib-curl-openssl version with OSX SecureTransport (#11534)
* Fixed svn repo parsing in some edge cases (#11350)
* Fixed handling of archive URLs without file extension (#11520)
* Performance improvement in pool optimization step (#11449, #11450)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 1 2023 Remi Collet <remi(a)remirepo.net> - 2.6.1-1
- update to 2.6.1
* Fri Sep 1 2023 Remi Collet <remi(a)remirepo.net> - 2.6.0-1
- update to 2.6.0
--------------------------------------------------------------------------------
================================================================================
fakeroot-1.32.1-1.el9 (FEDORA-EPEL-2023-8f465f7c8c)
Gives a fake root environment
--------------------------------------------------------------------------------
Update Information:
Update fakeroot to 1.32.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 31 2023 Sérgio Basto <sergio(a)serjux.com> - 1.32.1-1
- Update fakeroot to 1.32.1
* Wed Jul 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.31-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2221810 - fakeroot-1.32.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2221810
--------------------------------------------------------------------------------
================================================================================
highway-1.0.7-1.el9 (FEDORA-EPEL-2023-9abfe1b53b)
Efficient and performance-portable SIMD
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.7.
- Release notes for 1.0.6: https://github.com/google/highway/releases/tag/1.0.6
- Release notes for 1.0.7: https://github.com/google/highway/releases/tag/1.0.7
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 1 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.0.7-1
- Update to version 1.0.7; Fixes RHBZ#2231570
--------------------------------------------------------------------------------
================================================================================
lastpass-cli-1.3.5-1.el9 (FEDORA-EPEL-2023-3814f838d0)
Command line interface to LastPass.com
--------------------------------------------------------------------------------
Update Information:
Update to 1.3.5
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 1 2023 Robert-André Mauchin <zebob.m(a)gmail.com> - 1.3.5-1
- Update to 1.3.5
* Thu Jul 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.4-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.4-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Tue Dec 27 2022 Robert-André Mauchin <zebob.m(a)gmail.com> - 1.3.4-1
- Update to 1.3.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2236587 - lpass errors with "Error: SSL peer certificate or SSH remote
key was not OK."
https://bugzilla.redhat.com/show_bug.cgi?id=2236587
[ 2 ] Bug #2236615 - lastpass-cli-1.3.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2236615
--------------------------------------------------------------------------------
================================================================================
lua-sec-1.3.2-1.el9 (FEDORA-EPEL-2023-e4a95323d5)
Lua binding for OpenSSL library
--------------------------------------------------------------------------------
Update Information:
# LuaSec 1.3.2
* Fix: place `EAI_OVERFLOW` inside macro, unbreak build on macOS < 10.7
* Fix: Expand workaround for zero `errno` to OpenSSL 3.0.x
* Fix: reset block timeout at send or receive
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 1 2023 Robert Scheck <robert(a)fedoraproject.org> 1.3.2-1
- Upgrade to 1.3.2 (#2236628)
* Thu Jul 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2236628 - lua-sec-1.3.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2236628
--------------------------------------------------------------------------------
================================================================================
procServ-2.7.0-16.el9 (FEDORA-EPEL-2023-07703982b5)
Process server with telnet console and log access
--------------------------------------------------------------------------------
Update Information:
Add existing package to EPEL9 with no changes
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.7.0-16
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.7.0-15
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.7.0-14
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jul 23 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.7.0-13
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.7.0-12
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2231918 - Please branch and build procServ in epel9
https://bugzilla.redhat.com/show_bug.cgi?id=2231918
--------------------------------------------------------------------------------
================================================================================
python-specfile-0.22.0-1.el9 (FEDORA-EPEL-2023-4075ddcf37)
A library for parsing and manipulating RPM spec files
--------------------------------------------------------------------------------
Update Information:
Automatic update for python-specfile-0.22.0-1.el9.

##### **Changelog for python-specfile**

```
* Fri Sep 01 2023 Packit <hello(a)packit.dev> - 0.22.0-1
- Macro definitions and tags gained a new `valid` attribute. A macro definition/tag is considered valid if it doesn't appear in a false branch of any condition appearing in the spec file. (#276)
```
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 1 2023 Packit <hello(a)packit.dev> - 0.22.0-1
- Macro definitions and tags gained a new `valid` attribute. A macro definition/tag is
considered valid if it doesn't appear in a false branch of any condition appearing in
the spec file. (#276)
--------------------------------------------------------------------------------
================================================================================
qemu-sanity-check-1.1.6-11.el9 (FEDORA-EPEL-2023-6a72d131c2)
Simple qemu and Linux kernel sanity checker
--------------------------------------------------------------------------------
Update Information:
Rebase with all latest upstream patches
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 1 2023 Richard W.M. Jones <rjones(a)redhat.com> - 1.1.6-11
- Rebase with all latest upstream patches
* Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.6-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
qm-0.5.6-1.el9 (FEDORA-EPEL-2023-f48dbbc66c)
Containerized environment for running Quality Management software
--------------------------------------------------------------------------------
Update Information:
Automatic update for qm-0.5.6-1.el9.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 1 2023 Packit <hello(a)packit.dev> - 0.5.6-1
- [packit] 0.5.6 upstream release
* Wed Aug 30 2023 Packit <hello(a)packit.dev> - 0.5.5-1
- [packit] 0.5.5 upstream release
* Tue Aug 29 2023 Packit <hello(a)packit.dev> - 0.5.4-1
- [packit] 0.5.4 upstream release
* Mon Aug 28 2023 Packit <hello(a)packit.dev> - 0.5.3-1
- [packit] 0.5.3 upstream release
* Wed Aug 16 2023 Packit <hello(a)packit.dev> - 0.5.1-1
- [packit] 0.5.1 upstream release
* Thu May 18 2023 Packit <hello(a)packit.dev> - 0.4.1-1
- [packit] 0.4.1 upstream release
* Thu May 18 2023 Packit <hello(a)packit.dev> - 0.4.0-1
- [packit] 0.4.0 upstream release
* Tue May 16 2023 Packit <hello(a)packit.dev> - 0.2.0-1
- [packit] 0.2.0 upstream release
* Tue May 9 2023 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 0.1.0-1
- Resolves: #2193400 - initial upload
--------------------------------------------------------------------------------
================================================================================
racket-7.9-2.el9 (FEDORA-EPEL-2023-d67f720f14)
General purpose programming language
--------------------------------------------------------------------------------
Update Information:
re-enable ppc64le for epel
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 31 2023 Jens Petersen <petersen(a)redhat.com> - 7.9-2
- re-enable ppc64le for epel
* Mon Aug 28 2023 Jens Petersen <petersen(a)redhat.com> - 7.9-1
- update to 7.9
- drop the nonfree doc patch
* Sat Aug 26 2023 Jens Petersen <petersen(a)redhat.com> - 7.4-12
- disable ppc64le (#2226390)
* Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.4-11
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Apr 26 2023 Florian Weimer <fweimer(a)redhat.com> - 7.4-10
- Port configure script to C99
* Fri Jan 20 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.4-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.4-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.4-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Sat Jan 8 2022 Miro Hrončok <mhroncok(a)redhat.com> - 7.4-6
- Rebuilt for
https://fedoraproject.org/wiki/Changes/LIBFFI34
--------------------------------------------------------------------------------
================================================================================
resalloc-aws-1.5-1.el9 (FEDORA-EPEL-2023-bf0317a31e)
Resource allocator scripts for AWS
--------------------------------------------------------------------------------
Update Information:
New resalloc-aws-new --root-volume-size option
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 1 2023 Pavel Raiskup <praiskup(a)redhat.com> 1.5-1
- resalloc-aws-new: add `--root-volume-size` option (svashisht(a)redhat.com)
--------------------------------------------------------------------------------
================================================================================
rust-temp-env-0.3.4-2.el9 (FEDORA-EPEL-2023-56f9501b48)
Set environment variables temporarily
--------------------------------------------------------------------------------
Update Information:
Built for EPEL9
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.4-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed Apr 19 2023 Fabio Valentini <decathorpe(a)gmail.com> - 0.3.4-1
- Update to version 0.3.4; Fixes RHBZ#2180852
* Mon Feb 27 2023 Alessio <alciregi(a)fedoraproject.org> - 0.3.2-1
- Update to 0.3.2
* Mon Feb 27 2023 Alessio <alciregi(a)fedoraproject.org> - 0.3.0-4
- Update to 0.3.2
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.3.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Nov 21 2022 Alessio <alciregi(a)fedoraproject.org> - 0.3.0-2
- Initial import (fedora#2121997).
* Mon Nov 21 2022 Alessio <alciregi(a)fedoraproject.org> - 0.3.0-1
- Initial import (fedora#2121997).
--------------------------------------------------------------------------------
================================================================================
syncthing-1.23.7-1.el9 (FEDORA-EPEL-2023-b80fe8364c)
Continuous File Synchronization
--------------------------------------------------------------------------------
Update Information:
Update to version 1.23.7. Release notes:
https://github.com/syncthing/syncthing/releases/tag/v1.23.7
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 1 2023 Fabio Valentini <decathorpe(a)gmail.com> - 1.23.7-1
- Update to version 1.23.7; Fixes RHBZ#2230629
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2230629 - syncthing-1.23.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2230629
--------------------------------------------------------------------------------
================================================================================
tmt-1.26.1-1.el9 (FEDORA-EPEL-2023-a6e035c747)
Test Management Tool
--------------------------------------------------------------------------------
Update Information:
Automatic update for tmt-1.26.1-1.el9.

##### **Changelog for tmt**

```
* Fri Sep 01 2023 Lukáš Zachar <lzachar(a)redhat.com> - 1.26.1
- Rewrite git url for discover fmf: modified-only
```
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 1 2023 Lukáš Zachar <lzachar(a)redhat.com> - 1.26.1
- Rewrite git url for discover fmf: modified-only
--------------------------------------------------------------------------------
================================================================================
xrdp-0.9.23-1.el9 (FEDORA-EPEL-2023-c2aea8a27e)
Open source remote desktop protocol (RDP) server
--------------------------------------------------------------------------------
Update Information:
Release notes for xrdp v0.9.23 (2023/08/31)

General announcements
- Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

Security fixes
- CVE-2023-40184: Improper handling of session establishment errors allows bypassing OS-level session restrictions (Reported by @gafusss)

Bug fixes
- Environment variables set by PAM modules are no longer restricted to around 250 characters (#2712)
- X11 clipboard clients now no longer hang when requesting a clipboard format which isn't available (#2767)

New features
No new features in this release.

Internal changes
- Introduce release tarball generation script (#2703)
- cppcheck version used for CI bumped to 2.11 (#2738)

Known issues
- On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
- xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 1 2023 Bojan Smojver <bojan(a)rexursive.com> - 1:0.9.23-1
- Update to 0.9.23
- CVE-2023-40184
* Sat Jul 22 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:0.9.22.1-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 13 2023 Leigh Scott <leigh123linux(a)gmail.com> - 1:0.9.22.1-3
- Rebuild for new imlib2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2236307 - CVE-2023-40184 xrdp: xdp: restriction bypass via improper session
handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2236307
[ 2 ] Bug #2236308 - CVE-2023-40184 xrdp: xdp: restriction bypass via improper session
handling [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2236308
--------------------------------------------------------------------------------