The following Fedora EPEL 9 Security updates need testing:
Age URL
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-0478d18bdf
caddy-2.4.6-5.el9
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-ef285688eb
syncthing-1.23.0-2.el9
3
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-be3f685654
chromium-109.0.5414.119-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
applet-window-buttons-0.11.1-4.el9
blender-3.3.3-4.el9
borgmatic-1.7.6-1.el9
distribution-gpg-keys-1.82-1.el9
epel-rpm-macros-9-8.el9
ffmpeg-5.1.2-6.el9
fts-rest-client-3.12.0-3.el9
java-latest-openjdk-19.0.2.0.7-1.rolling.el9
koji-osbuild-11-1.el9
mock-core-configs-38.1-1.el9
stb-0^20230129git5736b15-0.1.el9
Details about builds:
================================================================================
applet-window-buttons-0.11.1-4.el9 (FEDORA-EPEL-2023-c3cd44aafe)
Plasma 5 applet to show window buttons in panels
--------------------------------------------------------------------------------
Update Information:
Initial build for EPEL9
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 31 2023 Onuralp Sezer <thunderbirdtr(a)fedoraproject.org> - 0.11.1-4
- Rebuilt for libkdecorations2private.so
* Wed Jan 18 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.11.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Jul 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.11.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Mar 31 2022 Onuralp Sezer <thunderbirdtr(a)fedoraproject.org> - 0.11.1-1
- Update to version 0.11.1
* Wed Jan 19 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Dec 7 2021 Onuralp Sezer <thunderbirdtr(a)fedoraproject.org> - 0.10.1-1
- 0.10.1
* Tue Dec 7 2021 Onuralp Sezer <thunderbirdtr(a)fedoraproject.org> - 0.9.0-5
- 00-fix-update-override.patch add into git source for fix build problem (#2024145)
- cosmetic fixes
* Wed Oct 13 2021 Onuralp Sezer <thunderbirdtr(a)fedoraproject.org> - 0.9.0-4
- rawhide-fixing build attempt #1
- 00-fix-update-override.patch added.
* Thu Jul 29 2021 Onuralp Sezer <thunderbirdtr(a)fedoraproject.org> - 0.9.0-3
- BR : appstream added fix build errors
* Wed Jul 21 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Wed May 12 2021 Onuralp SEZER <thunderbirdtr(a)fedoraproject.org> - 0.9.0-1
- initial package
--------------------------------------------------------------------------------
================================================================================
blender-3.3.3-4.el9 (FEDORA-EPEL-2023-ac2da7e3bf)
3D modeling, animation, rendering and post-production
--------------------------------------------------------------------------------
Update Information:
* New 3.3.3 LTS release * EPEL9: new release with minimal dependencies
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 31 2023 Luya Tshimbalanga <luya(a)fedoraproject.org> - 1:3.3.3-4
- Disable mma for ppc64le
* Tue Jan 31 2023 Luya Tshimbalanga <luya(a)fedoraproject.org> - 1:3.3.3-2
- Add macros file
* Tue Jan 31 2023 Luya Tshimbalanga <luya(a)fedoraproject.org> - 1:3.3.3-1
- Initial release for EPEL
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2095134 - Package request for EPEL9 - blender
https://bugzilla.redhat.com/show_bug.cgi?id=2095134
--------------------------------------------------------------------------------
================================================================================
borgmatic-1.7.6-1.el9 (FEDORA-EPEL-2023-700bfade42)
Simple Python wrapper script for borgbackup
--------------------------------------------------------------------------------
Update Information:
- [#393](https://projects.torsion.org/borgmatic-
collective/borgmatic/issues/393), [#438](https://projects.torsion.org/borgmatic-
collective/borgmatic/issues/438), [#560](https://projects.torsion.org/borgmatic-
collective/borgmatic/issues/560): Optionally dump "all" PostgreSQL/MySQL
databases to separate files instead of one combined dump file, allowing
more convenient restores of individual databases. You can enable this by
specifying the database dump "format" option when the database is named
"all". -
[#602](https://projects.torsion.org/borgmatic-collective/borgmatic/issues/602):
Fix logs that interfere with JSON output by making warnings go to stderr instead
of stdout. - [#622](https://projects.torsion.org/borgmatic-
collective/borgmatic/issues/622): Fix traceback when include merging
configuration files on ARM64. - [#629](https://projects.torsion.org/borgmatic-
collective/borgmatic/issues/629): Skip warning about excluded special files when
no special files have been excluded. -
[#630](https://projects.torsion.org/borgmatic-collective/borgmatic/issues/630):
Add configuration options for database command customization: "list_options",
"restore_options", and "analyze_options" for PostgreSQL,
"restore_options" for
MySQL, and "restore_options" for MongoDB.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 31 2023 Felix Kaechele <felix(a)kaechele.ca> - 1.7.6-1
- update to 1.7.6
* Wed Jan 18 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.7.5-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2164923 - borgmatic-1.7.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2164923
--------------------------------------------------------------------------------
================================================================================
distribution-gpg-keys-1.82-1.el9 (FEDORA-EPEL-2023-06bf3490e9)
GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:
mock-core-configs - update openEuler gpg key (pkwarcraft(a)gmail.com) - Branch
Fedora 38 (miro(a)hroncok.cz) - disable fastestmirror on almalinux
(jonathan(a)almalinux.org) - openEuler 22.03-SP1 released, so we switch to latest
repo url (pkwarcraft(a)gmail.com) distribution-gpg-keys - move symlink of
fedora-rawhide to fedora-39 - add openEuler new key - update copr keys - add
fedora 40 gpg key
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 30 2023 Miroslav Such�� <msuchy(a)redhat.com> 1.82-1
- move symlink of fedora-rawhide to fedora-39
- add openEuler new key
- update copr keys
- add fedora 40 gpg key
--------------------------------------------------------------------------------
================================================================================
epel-rpm-macros-9-8.el9 (FEDORA-EPEL-2023-1c89a785bf)
Extra Packages for Enterprise Linux RPM macros
--------------------------------------------------------------------------------
Update Information:
Add perl-generators to epel macros (
https://fedoraproject.org/wiki/Changes/Perl_replace_MODULE_COMPAT_by_gene... )
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 23 2023 Jitka Plesnikova <jplesnik(a)redhat.com> - 9-8
- Add perl-generators-epel to the buildroot
--------------------------------------------------------------------------------
================================================================================
ffmpeg-5.1.2-6.el9 (FEDORA-EPEL-2023-ed422511f7)
A complete solution to record, convert and stream audio and video
--------------------------------------------------------------------------------
Update Information:
This update enables numerous newly approved codecs. Aside from the plethora of
80s/90s-era codecs, the following notable codecs are enabled: * MPEG-4 Part 2
(XvID) * DTS DCA * Legacy codecs for Flash video * Windows Media Audio/Video 1+2
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 30 2023 Neal Gompa <ngompa(a)fedoraproject.org> - 5.1.2-6
- Enable more approved codecs
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.1.2-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sun Jan 15 2023 Yaakov Selkowitz <yselkowi(a)redhat.com> - 5.1.2-4
- Properly enable libzvbi_teletext decoder
* Fri Dec 23 2022 Sandro Mani <manisandro(a)gmail.com> - 5.1.2-3
- Rebuild (tesseract)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2164320 - Can we enable the WavPack audio encoder/decoder?
https://bugzilla.redhat.com/show_bug.cgi?id=2164320
[ 2 ] Bug #2164748 - Is it possible to enable APE (Monky's Audio) decoder?
https://bugzilla.redhat.com/show_bug.cgi?id=2164748
--------------------------------------------------------------------------------
================================================================================
fts-rest-client-3.12.0-3.el9 (FEDORA-EPEL-2023-bee7a91b4b)
File Transfer Service (FTS) -- Python3 Client and CLI
--------------------------------------------------------------------------------
Update Information:
Rebuild for EPEL8 Python3 shebang fix
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 31 2023 Miro Hron��ok <mhroncok(a)redhat.com> - 3.12.0-3
- Rebuilt to change Python shebangs to /usr/bin/python3.6 on EPEL 8
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.12.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
java-latest-openjdk-19.0.2.0.7-1.rolling.el9 (FEDORA-EPEL-2023-fc74dc491a)
OpenJDK 19 Runtime Environment
--------------------------------------------------------------------------------
Update Information:
New in release OpenJDK 19.0.2 (2023-01-17) ============= CVEs Fixed
---------------------------------- * CVE-2023-21835 * CVE-2023-21843
Security Fixes ---------------------------------- * JDK-8286070: Improve
UTF8 representation * JDK-8286496: Improve Thread labels * JDK-8287411:
Enhance DTLS performance * JDK-8288516: Enhance font creation *
JDK-8293554: Enhanced DH Key Exchanges * JDK-8293598: Enhance InetAddress
address handling * JDK-8293717: Objective view of ObjectView *
JDK-8293734: Improve BMP image handling * JDK-8293742: Better Banking of
Sounds * JDK-8295687: Better BMP bounds Major Changes =============
JDK-8295687: Better BMP bounds ---------------------------------- Loading a
linked ICC profile within a BMP image is now disabled by default. To re-enable
it, set the new system property sun.imageio.bmp.enabledLinkedProfiles to true.
This new property replaces the old property,
sun.imageio.plugins.bmp.disableLinkedProfiles. JDK-8293742: Better Banking of
Sounds ------------------------------------------------------- Previously, the
SoundbankReader implementation, com.sun.media.sound.JARSoundbankReader, would
download a JAR soundbank from a URL. This behaviour is now disabled by default.
To re-enable it, set the new system property jdk.sound.jarsoundbank to true.
JDK-8287411: Enhance DTLS performance
------------------------------------------------------------- The JDK now
exchanges DTLS cookies for all handshakes, new and resumed. The previous
behaviour can be re-enabled by setting the new system property
jdk.tls.enableDtlsResumeCookie to false.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 26 2023 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:19.0.2.0.7-1.rolling
- Update to jdk-19.0.2 release
- Update release notes to 19.0.2
- Drop JDK-8293834 (CLDR update for Kyiv) which is now upstream
- Drop JDK-8294357 (tzdata2022d), JDK-8295173 (tzdata2022e) & JDK-8296108
(tzdata2022f) local patches which are now upstream
- Drop JDK-8296715 (CLDR update for 2022f) which is now upstream
- Add local patch JDK-8295447 (javac NPE) which was accepted into 19u upstream but not in
the GA tag
- Add local patches for JDK-8296239 & JDK-8299439 (Croatia Euro update) which are
present in 8u, 11u & 17u releases
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:19.0.1.0.10-3.rolling.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Dec 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:19.0.1.0.10-3.rolling
- Update in-tree tzdata & CLDR to 2022g with JDK-8296108, JDK-8296715 &
JDK-8297804
- Update TestTranslations.java to test the new America/Ciudad_Juarez zone
* Wed Dec 7 2022 Stephan Bergmann <sbergman(a)redhat.com> - 1:19.0.1.0.10-3.rolling
- Fix flatpak builds by disabling TestTranslations test due to missing tzdb.dat
* Wed Oct 26 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:19.0.1.0.10-2.rolling
- Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173
- Update CLDR data with Europe/Kyiv (JDK-8293834)
- Drop JDK-8292223 patch which we found to be unnecessary
- Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream
--------------------------------------------------------------------------------
================================================================================
koji-osbuild-11-1.el9 (FEDORA-EPEL-2023-e0da84a33b)
Koji integration for osbuild composer
--------------------------------------------------------------------------------
Update Information:
This project provides osbuild integration with Koji. It makes it possible to
build images and other OS artifacts via osbuild-composer through koji.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 21 2022 Packit <hello(a)packit.dev> - 11-1
Changes with 11
----------------
* Print more log messages to enable tracking of SLIs (#110)
* Various fixes (#108)
Contributions from: Simon Steinbeiss, Thomas Lavocat, Tom���� Hozza
��� Somewhere on the Internet, 2022-11-21
* Fri Sep 2 2022 Packit <hello(a)packit.dev> - 10-1
Changes with 10
----------------
* Hub: support `image_type` being an array for backwards compatibility (#107)
* packit: Enable Bodhi updates workflow (#106)
Contributions from: Tomas Hozza
��� Somewhere on the Internet, 2022-09-02
* Wed Aug 31 2022 Packit <hello(a)packit.dev> - 9-1
Changes with 9
----------------
* Support specifying upload options for image builds (#104)
* Various enhancements (#105)
* builder: add retries to composer API calls (#103)
Contributions from: Ond��ej Budai, Tomas Hozza
��� Somewhere on the Internet, 2022-08-31
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 8-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jun 30 2022 Packit <hello(a)packit.dev> - 8-1
Changes with 8
----------------
* builder: always refresh OAuth token after getting 401 (#102)
Contributions from: Ond��ej Budai
��� Somewhere on the Internet, 2022-06-30
* Wed Jun 29 2022 Packit <hello(a)packit.dev> - 7-1
Changes with 7
----------------
* builder: set OAuth token creation time before we fetch it (#101)
* packit: Enable Koji build integration (#99)
* spec: set the default release to 1 (#98)
Contributions from: Jakub Rusz, Ond��ej Budai, Simon Steinbeiss
��� Somewhere on the Internet, 2022-06-29
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 6-1
- Rebuilt for Python 3.11
* Tue May 3 2022 Packit <hello(a)packit.dev> - 6-0
Changes with 6
----------------
* builder: add support for proxying requests to composer (#96)
* devcontainer: remove trailing comma from JSON (#95)
* plugins: add support for customizations (#97)
* workflows/trigger-gitlab: run Gitlab CI in new image-builder project (#94)
Contributions from: Christian Kellner, Jakub Rusz, Ond��ej Budai
��� Somewhere on the Internet, 2022-05-03
* Mon Mar 28 2022 Packit Service <user-cont-team+packit-service(a)redhat.com> - 5-0
CHANGES WITH 5:
----------------
* builder: rename gpg_key field to gpgkey for repos (#91)
* builder: fix type annotations (#92)
* Add GitHub Action to create upstream tag (#90)
* docs: fix error in hacking.md (#85)
* build(deps): bump actions/checkout from 2 to 3 (#86)
* spec: don't push tests into Fedora (#89)
* test/builder: drop misleading quotes from config (#88)
* builder: use correct secret when fetching token (#87)
* packit: Push directly to dist-git (#84)
Contributions from: Christian Kellner, Ond��ej Budai, Simon Steinbeiss, Stephen Coady,
dependabot[bot]
��� Somewhere on the Internet, 2022-03-28
* Tue Feb 15 2022 Packit Service <user-cont-team+packit-service(a)redhat.com> - 4-0
CHANGES WITH 4:
----------------
* plugins: support for repo package sets (#82)
* Lower task weight (#60)
* Add upstream release bot and enable packit (#81)
* plugins: support for ostree specific options (#80)
* builder: use cloud api (#73)
* README: contributing (#74)
* README.md,HACKING.md: update for SSO/OAuth2 (#79)
* Support for oauth2 authentication (#69)
* ci: switch from rhel 8.4 to 8.5 (#78)
* ci: integration tests now adapt to the host (#77)
* schutzbot: update osbuild to 46 (#75)
* cli: do not use translation helper (#72)
* `builder`: fixes for the command line argument parsing (#71)
* Fix command line argument names (#70)
* devcontainer: add initial support (#68)
* schutzbot: remove ssh keys of team member that left us (#67)
* CI: Fix failure in Coverity Scan (#66)
* ci: Enable Coverity Scan (#65)
* Adjust variable names (#64)
* build(deps): bump ludeeus/action-shellcheck from 0.5.0 to 1.1.0 (#63)
* test: use importlib instead of imp (#62)
* Enable Dependabot (#61)
* plugin/cli: remove type annotation (#59)
* Migrate to GitLab CI (#58)
* Test and CI maintenance (#57)
* Fetch and attach the manifests (#56)
* Test housekeeping (#55)
* assorted CI fixes/improvements (#54)
* Add Fedora 33 to Schutzbot & fix the name of repo (#52)
* test/integration.sh: bump nightly (#53)
* test: replace docker.io with fedora's registry (#50)
* mockbuild: make more consistent with other osbuild projects (#49)
* Update osbuild-composer dependency to 25 (#48)
Contributions from: Alexander Todorov, Chloe Kaubisch, Christian Kellner, Lars Karlitski,
Ond��ej Budai, Simon Steinbeiss, Tomas Kopecek
��� V��cklabruck, 2022-02-15
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri Jun 4 2021 Python Maint <python-maint(a)redhat.com> - 2-2
- Rebuilt for Python 3.10
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2-1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
mock-core-configs-38.1-1.el9 (FEDORA-EPEL-2023-06bf3490e9)
Mock core config files basic chroots
--------------------------------------------------------------------------------
Update Information:
mock-core-configs - update openEuler gpg key (pkwarcraft(a)gmail.com) - Branch
Fedora 38 (miro(a)hroncok.cz) - disable fastestmirror on almalinux
(jonathan(a)almalinux.org) - openEuler 22.03-SP1 released, so we switch to latest
repo url (pkwarcraft(a)gmail.com) distribution-gpg-keys - move symlink of
fedora-rawhide to fedora-39 - add openEuler new key - update copr keys - add
fedora 40 gpg key
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 31 2023 Pavel Raiskup <praiskup(a)redhat.com> 38.1-1
- update openEuler gpg key (pkwarcraft(a)gmail.com)
- Branch Fedora 38 (miro(a)hroncok.cz)
- disable fastestmirror on almalinux (jonathan(a)almalinux.org)
- openEuler 22.03-SP1 released, use the latest repo url (pkwarcraft(a)gmail.com)
--------------------------------------------------------------------------------
================================================================================
stb-0^20230129git5736b15-0.1.el9 (FEDORA-EPEL-2023-0125a6d095)
Single-file public domain libraries for C/C++
--------------------------------------------------------------------------------
Update Information:
Updates `stb_image` to 0.28. Several security patches that were carried in EPEL9
are now merged upstream, and the release includes a few other bug-fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 31 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> -
0^20230129git5736b15-0.1
- Update to 5736b1 (version history and README updates)
* Tue Jan 31 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> -
0^20230129git6199bf7-0.1
- Update to 6199bf7 (stb_image 2.28)
- Security-related patches for stb_image have been merged upstream, and
there are other bugfixes.
* Tue Jan 31 2023 Benjamin A. Beasley <code(a)musicinmybrain.net> -
0^20220908git8b5f1f3-0.4
- Patch in a candidate fix for ossfuzz issue 24232
- Improves handling of certain invalid PNGs by stb_image
--------------------------------------------------------------------------------