January 2023 - Epel-packagers-sig - Fedora mailing-lists

[Bug 2143996] New: FTBFS: ncrack on rawhide
by bugzilla＠redhat.com 09 Aug '24

09 Aug '24

https://bugzilla.redhat.com/show_bug.cgi?id=2143996 Bug ID: 2143996 Summary: FTBFS: ncrack on rawhide Product: Fedora Version: rawhide Status: NEW Component: ncrack Assignee: rebus(a)seznam.cz Reporter: davide(a)cavalca.name QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, rebus(a)seznam.cz, smilner(a)redhat.com Target Milestone: --- Classification: Fedora configure: creating ./config.status config.status: creating Makefile config.status: WARNING: 'Makefile.in' seems to ignore the --datarootdir setting config.status: creating modules/Makefile config.status: creating ncrack_config.h === configuring in nbase (/builddir/build/BUILD/ncrack-0.7/nbase) configure: running /bin/sh ./configure --disable-option-checking '--prefix=/usr' '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--runstatedir=/run' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CC=gcc' 'CFLAGS=-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fcommon' 'LDFLAGS=-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes' 'CXX=g++' 'CXXFLAGS=-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' '--with-libpcap=no' --cache-file=/dev/null --srcdir=. configure: error: unrecognized option: `--runstatedir=/run' Try `./configure --help' for more information configure: error: ./configure failed for nbase -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2143996

1 15

[Bug 2052682] New: CVE-2022-24303 python-pillow: temporary directory with a space character allows removal of unrelated file after im.show() and related action
by bugzilla＠redhat.com 08 Jul '24

08 Jul '24

https://bugzilla.redhat.com/show_bug.cgi?id=2052682 Bug ID: 2052682 Summary: CVE-2022-24303 python-pillow: temporary directory with a space character allows removal of unrelated file after im.show() and related action Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: bdettelb(a)redhat.com, cstratak(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, infra-sig(a)lists.fedoraproject.org, manisandro(a)gmail.com, miminar(a)redhat.com, orion(a)nwra.com, python-maint(a)redhat.com, python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com Target Milestone: --- Classification: Other If the path to the temporary directory on Linux or macOS contained a space, this would break removal of the temporary image file after im.show() (and related actions), and potentially remove an unrelated file. This been present since PIL. Reference: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2052682

1 11

[Bug 2042527] New: CVE-2022-22817 python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions
by bugzilla＠redhat.com 08 Jul '24

08 Jul '24

https://bugzilla.redhat.com/show_bug.cgi?id=2042527 Bug ID: 2042527 Summary: CVE-2022-22817 python-pillow: PIL.ImageMath.eval allows evaluation of arbitrary expressions Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: bdettelb(a)redhat.com, cstratak(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, infra-sig(a)lists.fedoraproject.org, manisandro(a)gmail.com, miminar(a)redhat.com, orion(a)nwra.com, python-maint(a)redhat.com, python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com Target Milestone: --- Classification: Other PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. Reference: https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-bu… -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2042527

1 23

[Bug 2042522] New: CVE-2022-22816 python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c
by bugzilla＠redhat.com 08 Jul '24

08 Jul '24

https://bugzilla.redhat.com/show_bug.cgi?id=2042522 Bug ID: 2042522 Summary: CVE-2022-22816 python-pillow: buffer over-read during initialization of ImagePath.Path in path_getbbox() in path.c Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: bdettelb(a)redhat.com, cstratak(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, infra-sig(a)lists.fedoraproject.org, manisandro(a)gmail.com, miminar(a)redhat.com, orion(a)nwra.com, python-maint(a)redhat.com, python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com Target Milestone: --- Classification: Other path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path. References: https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1da… https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-image… -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2042522

1 22

[Bug 2042511] New: CVE-2022-22815 python-pillow: improperly initializes ImagePath.Path in path_getbbox() in path.c
by bugzilla＠redhat.com 08 Jul '24

08 Jul '24

https://bugzilla.redhat.com/show_bug.cgi?id=2042511 Bug ID: 2042511 Summary: CVE-2022-22815 python-pillow: improperly initializes ImagePath.Path in path_getbbox() in path.c Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: bdettelb(a)redhat.com, cstratak(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, infra-sig(a)lists.fedoraproject.org, manisandro(a)gmail.com, miminar(a)redhat.com, orion(a)nwra.com, python-maint(a)redhat.com, python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com Target Milestone: --- Classification: Other path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. References: https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1da… https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-image… -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2042511

1 19

[Bug 2120537] New: 'bodhi updates new' does not report error/warning when setting karma limit below minimal value for package in critical path
by bugzilla＠redhat.com 21 May '24

21 May '24

https://bugzilla.redhat.com/show_bug.cgi?id=2120537 Bug ID: 2120537 Summary: 'bodhi updates new' does not report error/warning when setting karma limit below minimal value for package in critical path Product: Fedora Version: rawhide Status: NEW Component: bodhi-client Assignee: thrcka(a)redhat.com Reporter: zdohnal(a)redhat.com CC: aurelien(a)bompard.org, epel-packagers-sig(a)lists.fedoraproject.org, lenka(a)sepu.cz, thrcka(a)redhat.com Target Milestone: --- Classification: Fedora Hi, I was surprised why my bodhi update ( https://bodhi.fedoraproject.org/updates/FEDORA-2022-6f5e420e52 ) doesn't show an option for pushing into stable or why the update is not in stable already, because the positive karma limit (1) is reached. On #fedora-devel IRC channel kalev answered: (09:34:34 AM) zdohnal: Hi all, do you have an idea what blocks this update https://bodhi.fedoraproject.org/updates/FEDORA-2022-6f5e420e52 from being pushed to the stable? (09:38:32 AM) kalev: zdohnal: looks like it's marked as critical path and because of that, it needs minimum of +2 karma to be pushed to stable (09:40:19 AM) GrannyGoose left the room (quit: Quit: Going offline, see ya! (www.adiirc.com)) (09:41:00 AM) zdohnal: kalev: aha - good to know. However bodhi-client should give me error when I set karma below this limit... According to the conversation, there is karma limit for components in critical path and it is higher - 2 - than the limit set by me - 1, which causes confusion. I use 'bodhi updates new' CLI command for creating updates, and I didn't see any error/warning regarding setting the karma limit too low. IMHO CLI command has to fail if user tries to set the limit too low, and bodhi web UI should handle this in some way as well. Would you mind looking into it? Version-Release number of selected component (if applicable): bodhi-client-6.0.1-4.fc37 How reproducible: always Steps to Reproduce: 1. $ bodhi updates new --type bugfix --close-bugs --request testing --autokarma --autotime --stable-karma 1 --unstable-karma -1 --notes "Update for component in critical path" <critical-component-1.2.3-1.fc37> Actual results: No error or warning, bodhi web ui shows user defined limit and the update has karma to fulfill the limit, but the update is not pushed into stable. Expected results: Give error (in both interfaces - CLI and Web UI) if user wants to set lower karma limit than it is required on the package. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2120537

1 2

[Bug 2143737] New: python-eventlet-0.33.2 is available
by bugzilla＠redhat.com 11 Apr '24

11 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2143737 Bug ID: 2143737 Summary: python-eventlet-0.33.2 is available Product: Fedora Version: rawhide Status: NEW Component: python-eventlet Keywords: FutureFeature, Triaged Assignee: kevin(a)scrye.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: apevec(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, igor.raits(a)gmail.com, kevin(a)scrye.com, python-packagers-sig(a)lists.fedoraproject.org, shamardin(a)gmail.com Target Milestone: --- Classification: Fedora Releases retrieved: 0.33.2 Upstream release that is considered latest: 0.33.2 Current version/release in rawhide: 0.33.1-4.fc37 URL: http://eventlet.net Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/13191/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-eventlet -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2143737

1 30

[Bug 2125734] New: Please branch and build python-rpmautospec in epel8.
by bugzilla＠redhat.com 05 Apr '24

05 Apr '24

https://bugzilla.redhat.com/show_bug.cgi?id=2125734 Bug ID: 2125734 Summary: Please branch and build python-rpmautospec in epel8. Product: Fedora EPEL Version: epel8 Status: NEW Component: python-rpmautospec Assignee: asaleh(a)redhat.com Reporter: gotmax(a)e.email CC: asaleh(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, infra-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name, nphilipp(a)redhat.com Target Milestone: --- Classification: Fedora Please branch and build python-rpmautospec in epel8. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2125734

1 8

[Bug 2128525] New: Rebase gajim to 1.5.1 in EPEL 9
by bugzilla＠redhat.com 02 Mar '24

02 Mar '24

https://bugzilla.redhat.com/show_bug.cgi?id=2128525 Bug ID: 2128525 Summary: Rebase gajim to 1.5.1 in EPEL 9 Product: Fedora EPEL Version: epel9 Hardware: All OS: Linux Status: NEW Component: gajim Severity: medium Assignee: redhat-bugzilla(a)linuxnetz.de Reporter: redhat-bugzilla(a)linuxnetz.de QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, lemenkov(a)gmail.com, mschmidt(a)redhat.com, redhat-bugzilla(a)linuxnetz.de, suraia(a)ikkoku.de Depends On: 2128097, 2128522, 2128524 Target Milestone: --- Classification: Fedora Rebase gajim to 1.5.1 in EPEL 9 Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2128097 [Bug 2128097] gajim-1.5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2128522 [Bug 2128522] Please rebase pygobject3 to 3.42.2 https://bugzilla.redhat.com/show_bug.cgi?id=2128524 [Bug 2128524] Please rebase pango to 1.50.10 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2128525

1 7

[Bug 2128527] New: Rebase python-nbxmpp to 3.2.2 in EPEL 9
by bugzilla＠redhat.com 02 Mar '24

02 Mar '24

https://bugzilla.redhat.com/show_bug.cgi?id=2128527 Bug ID: 2128527 Summary: Rebase python-nbxmpp to 3.2.2 in EPEL 9 Product: Fedora EPEL Version: epel9 Hardware: All OS: Linux Status: NEW Component: python-nbxmpp Severity: medium Assignee: redhat-bugzilla(a)linuxnetz.de Reporter: redhat-bugzilla(a)linuxnetz.de QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, mschmidt(a)redhat.com, suraia(a)ikkoku.de Depends On: 2122047 Blocks: 2128525 Target Milestone: --- Classification: Fedora Rebase python-nbxmpp to 3.2.2 in EPEL 9 Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2122047 [Bug 2122047] python-nbxmpp-3.2.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2128525 [Bug 2128525] Rebase gajim to 1.5.1 in EPEL 9 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2128527

1 2

2025

2024

2023

2022

2021

Epel-packagers-sig January 2023