https://bugzilla.redhat.com/show_bug.cgi?id=2140488
Bug ID: 2140488
Summary: python-mistune-3.0.0a3 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: python-mistune
Keywords: FutureFeature, Triaged
Assignee: lupinix.fedora(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
lupinix.fedora(a)gmail.com,
python-packagers-sig(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Releases retrieved: 3.0.0rc2
Upstream release that is considered latest: 3.0.0a3
Current version/release in rawhide: 2.0.4-1.fc38
URL: https://github.com/lepture/mistune
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M…
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/6189/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/python-mistune
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2140488
https://bugzilla.redhat.com/show_bug.cgi?id=2174149
Bug ID: 2174149
Summary: python-claripy-9.2.40 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: python-claripy
Keywords: FutureFeature, Triaged
Assignee: mail(a)fabian-affolter.ch
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
mail(a)fabian-affolter.ch, redhat(a)flyn.org
Target Milestone: ---
Classification: Fedora
Releases retrieved: 9.2.40
Upstream release that is considered latest: 9.2.40
Current version/release in rawhide: 9.2.39-1.fc39
URL: https://pypi.org/project/claripy/8.19.10.29
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M…
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/34905/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/python-claripy
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2174149
https://bugzilla.redhat.com/show_bug.cgi?id=2121894
Bug ID: 2121894
Summary: builtins.h requires mpc.h from libmpc-devel
Product: Fedora
Version: 36
Hardware: x86_64
OS: Linux
Status: NEW
Component: cross-gcc
Severity: medium
Assignee: dhowells(a)redhat.com
Reporter: elliott(a)hpe.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dan(a)danny.cz, dhowells(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
lkundrak(a)v3.sk
Target Milestone: ---
Classification: Fedora
Description of problem:
Cross compiles of the linux kernel 6.0-rc1 allmodconfig fail for arm, arm64,
mips, powerpc, and s390.
This originates in scripts/gcc-plugins/Kconfig, which has this entry:
menuconfig GCC_PLUGINS
bool "GCC plugins"
depends on HAVE_GCC_PLUGINS
depends on CC_IS_GCC
depends on $(success,test -e $(shell,$(CC)
-print-file-name=plugin)/include/plugin-version.h)
default y
depends on $(success,test -e $(shell,$(CC)
-print-file-name=plugin)/include/plugin-version.h)
arch/sparc/Kconfig does not include
select HAVE_GCC_PLUGINS
but all the others do.
The -print-file-name tests passes for all the cross-compilers, but does not
for native x86:
$ gcc -print-file-name=plugin
plugin
$ powerpc64-linux-gnu-gcc -print-file-name=plugin
/usr/lib/gcc/powerpc64-linux-gnu/12/plugin
$ aarch64-linux-gnu-gcc -print-file-name=plugin
/usr/lib/gcc/aarch64-linux-gnu/12/plugin
$ find /usr/lib/gcc -name plugin-version.h
/usr/lib/gcc/s390x-linux-gnu/12/plugin/include/plugin-version.h
/usr/lib/gcc/aarch64-linux-gnu/12/plugin/include/plugin-version.h
/usr/lib/gcc/powerpc64-linux-gnu/12/plugin/include/plugin-version.h
/usr/lib/gcc/sparc64-linux-gnu/12/plugin/include/plugin-version.h
/usr/lib/gcc/arm-linux-gnueabi/12/plugin/include/plugin-version.h
/usr/lib/gcc/mips64-linux-gnu/12/plugin/include/plugin-version.h
so the .x86 .config file only gets:
CONFIG_HAVE_GCC_PLUGINS=y
while the others get that, CONFIG_GCC_PLUGINS, and a several
specific plugins:
build-arm64/.config:CONFIG_HAVE_GCC_PLUGINS=y
build-arm64/.config:CONFIG_GCC_PLUGINS=y
build-arm64/.config:CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
build-arm64/.config:CONFIG_GCC_PLUGIN_STACKLEAK=y
build-arm64/.config:CONFIG_GCC_PLUGIN_RANDSTRUCT=y
build-arm/.config:CONFIG_HAVE_GCC_PLUGINS=y
build-arm/.config:CONFIG_GCC_PLUGINS=y
build-arm/.config:CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
build-arm/.config:CONFIG_GCC_PLUGIN_RANDSTRUCT=y
build-mips/.config:CONFIG_HAVE_GCC_PLUGINS=y
build-mips/.config:CONFIG_GCC_PLUGINS=y
build-mips/.config:CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
build-mips/.config:CONFIG_GCC_PLUGIN_RANDSTRUCT=y
build-powerpc/.config:CONFIG_HAVE_GCC_PLUGINS=y
build-powerpc/.config:CONFIG_GCC_PLUGINS=y
build-powerpc/.config:CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
build-powerpc/.config:CONFIG_GCC_PLUGIN_RANDSTRUCT=y
build-s390/.config:CONFIG_HAVE_GCC_PLUGINS=y
build-s390/.config:CONFIG_GCC_PLUGINS=y
build-s390/.config:CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
build-s390/.config:CONFIG_GCC_PLUGIN_RANDSTRUCT=y
build-x86/.config:CONFIG_HAVE_GCC_PLUGINS=y
A header included by each of the plugins, scripts/gcc-plugins/gcc-common.h,
includes a GCC header file called builtins.h that includes <mpc.h>, which
does not exist anywhere on my system. That causes errors early in the build on
all of those architectures.
Version-Release number of selected component (if applicable):
gcc-[each architecture]-linux-gnu 12.1.1
How reproducible:
100%
Steps to Reproduce:
Example for arm 32-bit:
1. make ARCH=arm O=build-arm CROSS_COMPILE=arm-linux-gnu- allmodconfig
2. make ARCH=arm O=build-arm CROSS_COMPILE=arm-linux-gnu- -j 55
Actual results:
For each "GCC plugin", an error like this terminates the make:
In file included from ../scripts/gcc-plugins/gcc-common.h:95,
from ../scripts/gcc-plugins/latent_entropy_plugin.c:78:
/usr/lib/gcc/aarch64-linux-gnu/12/plugin/include/builtins.h:23:10: fatal error:
mpc.h: No such file or directory
23 | #include <mpc.h>
| ^~~~~~~
compilation terminated.
Expected results:
no errors
Additional info:
That mpc.h file is provided by the libmpc-devel package.
1. Please add a dependency for the libmpc-devel package from each gcc
cross-compiler package that includes a builtins.h file
2. Please investigate whether the native gcc package not having plugins is
correct, despite the kernel x86 allmodconfig expecting them by specifying
CONFIG_HAVE_GCC_PLUGINS=y
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2121894
https://bugzilla.redhat.com/show_bug.cgi?id=2128335
Bug ID: 2128335
Summary: Please port your pcre dependency to pcre2. Pcre has
been deprecated
Product: Fedora
Version: rawhide
Status: NEW
Component: ngrep
Assignee: dcavalca(a)fb.com
Reporter: ljavorsk(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: cickumqt(a)gmail.com, dcavalca(a)fb.com,
epel-packagers-sig(a)lists.fedoraproject.org, me(a)fale.io
Target Milestone: ---
Classification: Fedora
Pcre has been deprecated since Fedora 38.
Please consider porting to the new pcre2 version.
Fedora change that describes the pcre deprecation is located here:
https://fedoraproject.org/wiki/PcreDeprecation
FESCo approval is located here: https://pagure.io/fesco/issue/2862
If your component has already ported to pcre2 or you don't Require/BuildRequire
any pcre subpackage, feel free to close this Bugzilla.
This Bugzilla was created automatically and some issues might have occurred
along the way.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2128335
https://bugzilla.redhat.com/show_bug.cgi?id=2152010
Bug ID: 2152010
Summary: blosc-1.21.2 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: blosc
Keywords: FutureFeature, Triaged
Assignee: thibault(a)north.li
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
python-packagers-sig(a)lists.fedoraproject.org,
thibault(a)north.li, zbyszek(a)in.waw.pl
Target Milestone: ---
Classification: Fedora
Releases retrieved: 1.21.2
Upstream release that is considered latest: 1.21.2
Current version/release in rawhide: 1.21.1-3.fc37
URL: https://github.com/Blosc/c-blosc
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M…
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/205/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/blosc
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2152010
https://bugzilla.redhat.com/show_bug.cgi?id=2052682
Bug ID: 2052682
Summary: CVE-2022-24303 python-pillow: temporary directory with
a space character allows removal of unrelated file
after im.show() and related action
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
If the path to the temporary directory on Linux or macOS contained a space,
this would break removal of the temporary image file after im.show() (and
related actions), and potentially remove an unrelated file. This been present
since PIL.
Reference:
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2052682
https://bugzilla.redhat.com/show_bug.cgi?id=2042527
Bug ID: 2042527
Summary: CVE-2022-22817 python-pillow: PIL.ImageMath.eval
allows evaluation of arbitrary expressions
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary
expressions, such as ones that use the Python exec method.
Reference:
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-bu…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2042527
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
Bug ID: 2042522
Summary: CVE-2022-22816 python-pillow: buffer over-read during
initialization of ImagePath.Path in path_getbbox() in
path.c
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during
initialization of ImagePath.Path.
References:
https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1da…https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-image…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
https://bugzilla.redhat.com/show_bug.cgi?id=2042511
Bug ID: 2042511
Summary: CVE-2022-22815 python-pillow: improperly initializes
ImagePath.Path in path_getbbox() in path.c
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes
ImagePath.Path.
References:
https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1da…https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-image…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2042511