https://bugzilla.redhat.com/show_bug.cgi?id=2122358
Bug ID: 2122358
Summary: CVE-2020-35533 LibRaw: Out-of-bounds read in
LibRaw::adobe_copy_pixel() function
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: dchen(a)redhat.com, debarshir(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
gwync(a)protonmail.com, hobbes1069(a)gmail.com,
jridky(a)redhat.com, manisandro(a)gmail.com,
mattdm(a)redhat.com, mattia.verga(a)proton.me,
michel(a)michel-slm.name, ngompa13(a)gmail.com,
nphilipp(a)redhat.com, sebastian(a)sdziallas.com,
sergio(a)serjux.com, siddharth.kde(a)gmail.com,
sipoyare(a)redhat.com, thibault(a)north.li
Target Milestone: ---
Classification: Other
In LibRaw, an out-of-bounds read vulnerability exists within the
"LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when
reading data from the image file.
Upstream issue:
https://github.com/LibRaw/LibRaw/issues/273
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2122357
Bug ID: 2122357
Summary: CVE-2020-35532 LibRaw: Out-of-bounds read in
simple_decode_row() function
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: dchen(a)redhat.com, debarshir(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
gwync(a)protonmail.com, hobbes1069(a)gmail.com,
jridky(a)redhat.com, manisandro(a)gmail.com,
mattdm(a)redhat.com, mattia.verga(a)proton.me,
michel(a)michel-slm.name, ngompa13(a)gmail.com,
nphilipp(a)redhat.com, sebastian(a)sdziallas.com,
sergio(a)serjux.com, siddharth.kde(a)gmail.com,
sipoyare(a)redhat.com, thibault(a)north.li
Target Milestone: ---
Classification: Other
In LibRaw, an out-of-bounds read vulnerability exists within the
"simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can
be triggered via an image with a large row_stride field.
Upstream issue:
https://github.com/LibRaw/LibRaw/issues/271
https://bugzilla.redhat.com/show_bug.cgi?id=2122356
Bug ID: 2122356
Summary: CVE-2020-35531 LibRaw: Out-of-bounds read in
get_huffman_diff() function
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: dchen(a)redhat.com, debarshir(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
gwync(a)protonmail.com, hobbes1069(a)gmail.com,
jridky(a)redhat.com, manisandro(a)gmail.com,
mattdm(a)redhat.com, mattia.verga(a)proton.me,
michel(a)michel-slm.name, ngompa13(a)gmail.com,
nphilipp(a)redhat.com, sebastian(a)sdziallas.com,
sergio(a)serjux.com, siddharth.kde(a)gmail.com,
sipoyare(a)redhat.com, thibault(a)north.li
Target Milestone: ---
Classification: Other
In LibRaw, an out-of-bounds read vulnerability exists within the
get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading
data from an image file.
Upstream issue:
https://github.com/LibRaw/LibRaw/issues/270
https://bugzilla.redhat.com/show_bug.cgi?id=2117998
Bug ID: 2117998
Summary: Non-responsive maintainer check for raineforest
Product: Fedora
Version: rawhide
Hardware: All
OS: Linux
Status: NEW
Component: asio
Severity: medium
Priority: medium
Assignee: uwog(a)uwog.net
Reporter: belegdol(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dcavalca(a)fb.com,
epel-packagers-sig(a)lists.fedoraproject.org,
me(a)fale.io, raineforest(a)raineforest.me, uwog(a)uwog.net
Target Milestone: ---
Classification: Fedora
This bug is part of the non-responsive maintainer procedure for raineforest,
following
https://docs.fedoraproject.org/en-US/fesco/Policy_for_nonresponsive_package….
Please respond if you are still active in Fedora and want to maintain asio.
https://bugzilla.redhat.com/show_bug.cgi?id=2117995
Bug ID: 2117995
Summary: Non-responsive maintainer check for uwog
Product: Fedora
Version: rawhide
Hardware: All
OS: Linux
Status: NEW
Component: asio
Severity: medium
Priority: medium
Assignee: uwog(a)uwog.net
Reporter: belegdol(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dcavalca(a)fb.com,
epel-packagers-sig(a)lists.fedoraproject.org,
me(a)fale.io, raineforest(a)raineforest.me, uwog(a)uwog.net
Target Milestone: ---
Classification: Fedora
This bug is part of the non-responsive maintainer procedure for uwog, following
https://docs.fedoraproject.org/en-US/fesco/Policy_for_nonresponsive_package….
Please respond if you are still active in Fedora and want to maintain asio.
https://bugzilla.redhat.com/show_bug.cgi?id=2110169
Bug ID: 2110169
Summary: 'zbar' Python bindings are unusable in Fedora 36.
Product: Fedora
Version: 36
Hardware: x86_64
Status: NEW
Component: zbar
Severity: urgent
Assignee: gwync(a)protonmail.com
Reporter: august(a)schwerdfeger.name
QA Contact: extras-qa(a)fedoraproject.org
CC: dougsland(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
gwync(a)protonmail.com, mchehab(a)infradead.org,
mr.marcelo.barbosa(a)gmail.com, negativo17(a)gmail.com
Target Milestone: ---
Classification: Fedora
Created attachment 1898987
--> https://bugzilla.redhat.com/attachment.cgi?id=1898987&action=edit
Backtrace of segfault when attempting to import the 'zbar' module.
Description of problem:
Any attempt to import the 'zbar' module within Python causes the interpreter to
crash with a segfault (backtrace attached).
This did not occur with Fedora 35 or earlier.
Version-Release number of selected component (if applicable):
zbar-python3-0.23-14.fc36.x86_64
Steps to Reproduce:
1. Start the Python interpreter.
2. Type 'import zbar' at the REPL loop.
https://bugzilla.redhat.com/show_bug.cgi?id=2091263
Bug ID: 2091263
Summary: Please update it to 0.23.90 and enable pdf417 support
Product: Fedora
Version: 35
Status: NEW
Component: zbar
Assignee: gwync(a)protonmail.com
Reporter: bugzilla(a)terrortux.de
QA Contact: extras-qa(a)fedoraproject.org
CC: dougsland(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
gwync(a)protonmail.com, mchehab(a)infradead.org,
mr.marcelo.barbosa(a)gmail.com, negativo17(a)gmail.com
Target Milestone: ---
Classification: Fedora
Changes see:
https://github.com/mchehab/zbar/releases
https://bugzilla.redhat.com/show_bug.cgi?id=2081540
Bug ID: 2081540
Summary: crc32 and compressions are not supported
Product: Fedora
Version: rawhide
Status: NEW
Component: rocksdb
Assignee: hegjon(a)gmail.com
Reporter: socketpair(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dcavalca(a)fb.com,
epel-packagers-sig(a)lists.fedoraproject.org,
hegjon(a)gmail.com, mmuzila(a)redhat.com
Target Milestone: ---
Classification: Fedora
Opening (Creating) any RocksDB shows this in the log:
2022/05/04-03:33:21.189455 7f14b298eac0 Compression algorithms supported:
2022/05/04-03:33:21.189459 7f14b298eac0 <------>kZSTD supported: 0
2022/05/04-03:33:21.189463 7f14b298eac0 <------>kXpressCompression supported: 0
2022/05/04-03:33:21.189466 7f14b298eac0 <------>kBZip2Compression supported: 0
2022/05/04-03:33:21.189511 7f14b298eac0 <------>kZSTDNotFinalCompression supported: 0
2022/05/04-03:33:21.189515 7f14b298eac0 <------>kLZ4Compression supported: 0
2022/05/04-03:33:21.189518 7f14b298eac0 <------>kZlibCompression supported: 0
2022/05/04-03:33:21.189521 7f14b298eac0 <------>kLZ4HCCompression supported: 0
2022/05/04-03:33:21.189524 7f14b298eac0 <------>kSnappyCompression supported: 0
2022/05/04-03:33:21.189530 7f14b298eac0 Fast CRC32 supported: Not supported on x86
I think it is wrong. At least, CRC32 offloading SHOULD be enabled on all
targets where it exists (I guess not only x86, but also AARCH64).
Regarding compression - I would enable them all. Except, possibly, bzip2.
https://bugzilla.redhat.com/show_bug.cgi?id=2083013
Bug ID: 2083013
Summary: python-shortuuid-1.0.9 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: python-shortuuid
Keywords: FutureFeature, Triaged
Assignee: michel(a)michel-slm.name
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
michel(a)michel-slm.name, ngompa13(a)gmail.com,
python-sig(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Latest upstream release: 1.0.9
Current version/release in rawhide: 1.0.8-2.fc36
URL: https://github.com/stochastic-technologies/shortuuid/
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/12823/
https://bugzilla.redhat.com/show_bug.cgi?id=2121958
Bug ID: 2121958
Summary: fennel-1.2.0 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: fennel
Keywords: FutureFeature, Triaged
Assignee: michel(a)michel-slm.name
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
lua-packagers-sig(a)lists.fedoraproject.org,
michel(a)michel-slm.name
Target Milestone: ---
Classification: Fedora
Releases retrieved: 1.2.0
Upstream release that is considered latest: 1.2.0
Current version/release in rawhide: 1.1.0-2.fc37
URL: https://fennel-lang.org/
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/22691/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/fennel