December 2023 - Epel-packagers-sig - Fedora Mailing-Lists

[Bug 2182590] New: CVE-2023-0465 openssl3: openssl: Invalid certificate policies in leaf certificates are silently ignored [epel-8]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2182590 Bug ID: 2182590 Summary: CVE-2023-0465 openssl3: openssl: Invalid certificate policies in leaf certificates are silently ignored [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: trathi(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2182561 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2182590

3 weeks, 1 day

1
6
0 / 0

[Bug 2248129] New: python-pyqt6 fails to build with Python 3.13: RecursionError: maximum recursion depth exceeded in comparison

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2248129 Bug ID: 2248129 Summary: python-pyqt6 fails to build with Python 3.13: RecursionError: maximum recursion depth exceeded in comparison Product: Fedora Version: rawhide Status: NEW Component: python-pyqt6 Assignee: thunderbirdtr(a)fedoraproject.org Reporter: ksurma(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, jonathan(a)almalinux.org, kde-sig(a)lists.fedoraproject.org, ksurma(a)redhat.com, manisandro(a)gmail.com, mhroncok(a)redhat.com, thunderbirdtr(a)fedoraproject.org Blocks: 2244836 (PYTHON3.13) Target Milestone: --- Classification: Fedora python-pyqt6 fails to build with Python 3.13.0a1. WARNING: Couldn't create 'sipbuild.generator.parser.parsetab'. [Errno 13] Permission denied: '/usr/lib64/python3.13/site-packages/sipbuild/generator/parser/parsetab.py' Generating the QtCore .api file... Generating the QtCore .pyi file... sip-build: An internal error occurred... Traceback (most recent call last): File "/usr/bin/sip-build", line 8, in <module> sys.exit(main()) ^^^^^^ File "/usr/lib64/python3.13/site-packages/sipbuild/tools/build.py", line 37, in main handle_exception(e) File "/usr/lib64/python3.13/site-packages/sipbuild/exceptions.py", line 81, in handle_exception raise e File "/usr/lib64/python3.13/site-packages/sipbuild/tools/build.py", line 34, in main project.build() File "/usr/lib64/python3.13/site-packages/sipbuild/project.py", line 245, in build self.builder.build() File "/usr/lib64/python3.13/site-packages/sipbuild/builder.py", line 48, in build self._generate_bindings() File "/usr/lib64/python3.13/site-packages/sipbuild/builder.py", line 280, in _generate_bindings buildable = bindings.generate() ^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.13/site-packages/sipbuild/bindings.py", line 214, in generate output_pyi(spec, project, pyi_path) File "/usr/lib64/python3.13/site-packages/sipbuild/generator/outputs/pyi.py", line 53, in output_pyi _module(pf, spec, module) File "/usr/lib64/python3.13/site-packages/sipbuild/generator/outputs/pyi.py", line 132, in _module _class(pf, spec, module, klass, defined) File "/usr/lib64/python3.13/site-packages/sipbuild/generator/outputs/pyi.py", line 282, in _class _ctor(pf, spec, module, ctor, nr_overloads > 1, defined, indent) File "/usr/lib64/python3.13/site-packages/sipbuild/generator/outputs/pyi.py", line 356, in _ctor as_str = _argument(spec, module, arg, defined, arg_nr=arg_nr) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.13/site-packages/sipbuild/generator/outputs/pyi.py", line 676, in _argument s += _type(spec, module, arg, defined, out=out) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.13/site-packages/sipbuild/generator/outputs/pyi.py", line 710, in _type return ArgumentFormatter(spec, arg).as_type_hint(module, out, defined) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.13/site-packages/sipbuild/generator/outputs/formatters/argument.py", line 327, in as_type_hint s += TypeHintManager(self.spec).as_type_hint(hint, out, context, ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.13/site-packages/sipbuild/generator/outputs/type_hints.py", line 107, in __new__ manager = cls._spec_manager_map[spec] ~~~~~~~~~~~~~~~~~~~~~^^^^^^ File "/usr/lib64/python3.13/weakref.py", line 415, in __getitem__ return self.data[ref(key)] ~~~~~~~~~^^^^^^^^^^ File "<string>", line 4, in __eq__ File "<string>", line 4, in __eq__ File "<string>", line 4, in __eq__ [Previous line repeated 495 more times] RecursionError: maximum recursion depth exceeded in comparison https://docs.python.org/3.13/whatsnew/3.13.html For the build logs, see: https://copr-be.cloud.fedoraproject.org/results/@python/python3.13/fedora... For all our attempts to build python-pyqt6 with Python 3.13, see: https://copr.fedorainfracloud.org/coprs/g/python/python3.13/package/pytho... Testing and mass rebuild of packages is happening in copr. You can follow these instructions to test locally in mock if your package builds with Python 3.13: https://copr.fedorainfracloud.org/coprs/g/python/python3.13/ Let us know here if you have any questions. Python 3.13 is planned to be included in Fedora 41. To make that update smoother, we're building Fedora packages with all pre-releases of Python 3.13. A build failure prevents us from testing all dependent packages (transitive [Build]Requires), so if this package is required a lot, it's important for us to get it fixed soon. We'd appreciate help from the people who know this package best, but if you don't want to work on this now, let us know so we can try to work around it on our side. Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2244836 [Bug 2244836] Python 3.13 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2248129 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

4 weeks

1
2
0 / 0

[Bug 2239437] New: gnome-calendar-45.0 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2239437 Bug ID: 2239437 Summary: gnome-calendar-45.0 is available Product: Fedora Version: rawhide Status: NEW Component: gnome-calendar Keywords: FutureFeature, Triaged Assignee: gnome-sig(a)lists.fedoraproject.org Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, gnome-sig(a)lists.fedoraproject.org, igor.raits(a)gmail.com, klember(a)redhat.com Target Milestone: --- Classification: Fedora Releases retrieved: 45.0 Upstream release that is considered latest: 45.0 Current version/release in rawhide: 45~rc-1.fc40 URL: https://wiki.gnome.org/Apps/Calendar Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release... Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/10906/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/gnome-calendar -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2239437 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 month

1
5
0 / 0

[Bug 2242181] New: CVE-2023-43665 python-django3: python-django: Denial-of-service possibility in django.utils.text.Truncator [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2242181 Bug ID: 2242181 Summary: CVE-2023-43665 python-django3: python-django: Denial-of-service possibility in django.utils.text.Truncator [fedora-all] Product: Fedora Version: 38 Status: NEW Component: python-django3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2241046 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2242181 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 month

1
5
0 / 0

[Bug 2237871] New: CVE-2023-41164 python-django3: python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2237871 Bug ID: 2237871 Summary: CVE-2023-41164 python-django3: python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` [fedora-all] Product: Fedora Version: 38 Status: NEW Component: python-django3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: ybuenos(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2237258 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2237871 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 month

1
6
0 / 0

[Bug 2219382] New: TRIAGE-CVE-2023-36053 python-django3: python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2219382 Bug ID: 2219382 Summary: TRIAGE-CVE-2023-36053 python-django3: python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator [fedora-all] Product: Fedora Version: 38 Status: NEW Component: python-django3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2218004 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2219382 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 month

1
5
0 / 0

[Bug 2237869] New: CVE-2023-41164 python-django3: python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` [epel-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2237869 Bug ID: 2237869 Summary: CVE-2023-41164 python-django3: python-django: Potential denial of service vulnerability in ``django.utils.encoding.uri_to_iri()`` [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: python-django3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: ybuenos(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2237258 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2237869 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 month

1
6
0 / 0

[Bug 2249227] New: spdlog headers are broken

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2249227 Bug ID: 2249227 Summary: spdlog headers are broken Product: Fedora Version: 38 Status: NEW Component: spdlog Assignee: vitaly(a)easycoding.org Reporter: susi.lehtola(a)iki.fi QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, logans(a)cottsay.net, thunderbirdtr(a)fedoraproject.org, vitaly(a)easycoding.org Target Milestone: --- Classification: Fedora Description of problem: spdlog header files are broken. The failure can be triggered by trying to compile the test program hello.cpp: #include <spdlog/spdlog.h> int main(void) { std::cout << "Hello world!\n"; return 0; } $ g++ hello.cpp In file included from /usr/include/spdlog/common.h:45, from /usr/include/spdlog/spdlog.h:12, from hello.cpp:1: /usr/include/spdlog/fmt/fmt.h:27:14: fatal error: spdlog/fmt/bundled/core.h: No such file or directory 27 | # include <spdlog/fmt/bundled/core.h> | ^~~~~~~~~~~~~~~~~~~~~~~~~~~ compilation terminated. Version-Release number of selected component (if applicable): $ rpm -q spdlog spdlog-1.11.0-5.fc38.x86_64 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2249227 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 month

1
4
0 / 0

[Bug 2215458] New: golang-x-tools-0.10.0 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2215458 Bug ID: 2215458 Summary: golang-x-tools-0.10.0 is available Product: Fedora Version: rawhide Status: NEW Component: golang-x-tools Keywords: FutureFeature, Triaged Assignee: mark.e.fuller(a)gmx.de Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, go-sig(a)lists.fedoraproject.org, mark.e.fuller(a)gmx.de Target Milestone: --- Classification: Fedora Releases retrieved: 0.10.0 Upstream release that is considered latest: 0.10.0 Current version/release in rawhide: 0.9.3-1.fc39 URL: https://github.com/golang/tools Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release... Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/9382/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/golang-x-tools -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2215458 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 month

1
84
0 / 0

[Bug 2253924] New: python-pikepdf-8.9.0 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2253924 Bug ID: 2253924 Summary: python-pikepdf-8.9.0 is available Product: Fedora Version: rawhide Status: NEW Component: python-pikepdf Keywords: FutureFeature, Triaged Assignee: quantum.analyst(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, python-packagers-sig(a)lists.fedoraproject.org, quantum.analyst(a)gmail.com, zdohnal(a)redhat.com Target Milestone: --- Classification: Fedora Releases retrieved: 8.9.0 Upstream release that is considered latest: 8.9.0 Current version/release in rawhide: 8.8.0-1.fc40 URL: https://github.com/pikepdf/pikepdf Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release... Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/17724/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-pikepdf -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2253924 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 month

1
10
0 / 0

2024

2023

2022

2021

Epel-packagers-sig December 2023