https://bugzilla.redhat.com/show_bug.cgi?id=2179094
Bug ID: 2179094
Summary: python-breathe FTBFS with Sphinx 6+ in Rawhide
Product: Fedora
Version: rawhide
Status: NEW
Component: python-breathe
Assignee: dan.cermak(a)cgc-instruments.com
Reporter: ksurma(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dan.cermak(a)cgc-instruments.com,
epel-packagers-sig(a)lists.fedoraproject.org,
trix(a)redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem:
python-breathe FTBFS with Sphinx 6+ in Rawhide
Version-Release number of selected component (if applicable):
4.34.0-6
How reproducible:
Always
Steps to Reproduce:
mock -r fedora-rawhide-x86_64
--addrepo=https://download.copr.fedorainfracloud.org/results/ksurma/sphinx-6.1.3/fedora-rawhide-x86_64/
--no-clean your.src.rpm
mock -r fedora-rawhide-x86_64
--addrepo=https://download.copr.fedorainfracloud.org/results/ksurma/sphinx-6.1.3/fedora-rawhide-x86_64/
shell
Additional info:
version 4.35 seems to support Sphinx 6:
https://github.com/breathe-doc/breathe/blob/v4.35.0/setup.py#L20
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2179094
https://bugzilla.redhat.com/show_bug.cgi?id=2052682
Bug ID: 2052682
Summary: CVE-2022-24303 python-pillow: temporary directory with
a space character allows removal of unrelated file
after im.show() and related action
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
If the path to the temporary directory on Linux or macOS contained a space,
this would break removal of the temporary image file after im.show() (and
related actions), and potentially remove an unrelated file. This been present
since PIL.
Reference:
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.1.html
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2052682
https://bugzilla.redhat.com/show_bug.cgi?id=2042527
Bug ID: 2042527
Summary: CVE-2022-22817 python-pillow: PIL.ImageMath.eval
allows evaluation of arbitrary expressions
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary
expressions, such as ones that use the Python exec method.
Reference:
https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#restrict-bu…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2042527
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
Bug ID: 2042522
Summary: CVE-2022-22816 python-pillow: buffer over-read during
initialization of ImagePath.Path in path_getbbox() in
path.c
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during
initialization of ImagePath.Path.
References:
https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1da…https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-image…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2042522
https://bugzilla.redhat.com/show_bug.cgi?id=2042511
Bug ID: 2042511
Summary: CVE-2022-22815 python-pillow: improperly initializes
ImagePath.Path in path_getbbox() in path.c
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: bdettelb(a)redhat.com, cstratak(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
infra-sig(a)lists.fedoraproject.org,
manisandro(a)gmail.com, miminar(a)redhat.com,
orion(a)nwra.com, python-maint(a)redhat.com,
python-sig(a)lists.fedoraproject.org, torsava(a)redhat.com
Target Milestone: ---
Classification: Other
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes
ImagePath.Path.
References:
https://github.com/python-pillow/Pillow/blob/c5d9223a8b5e9295d15b5a9b1ef1da…https://pillow.readthedocs.io/en/stable/releasenotes/9.0.0.html#fixed-image…
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2042511
https://bugzilla.redhat.com/show_bug.cgi?id=2176591
Bug ID: 2176591
Summary: msmtp package should provide /usr/bin/sendmail
Product: Fedora
Version: rawhide
Status: NEW
Component: msmtp
Assignee: lemenkov(a)gmail.com
Reporter: yann(a)droneaud.fr
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
gbcox(a)bzb.us, lemenkov(a)gmail.com, ndevos(a)redhat.com,
wart(a)kobold.org
Target Milestone: ---
Classification: Fedora
Description of problem:
msmtp package is not declared to provide /usr/sbin/sendmail. But installing
the package, makes msmtp the "mta" (see alternatives --display mta), and thus
provide /usr/bin/sendmail.
Some packages, see below, requires /usr/sbin/sendmail
BackupPC-0:4.4.0-9.fc38.x86_64
alpine-0:2.26-3.fc38.x86_64
arpwatch-14:3.3-14.fc39.x86_64
asterisk-voicemail-0:18.12.1-1.fc38.3.x86_64
certwatch-mod_ssl-0:1.2-12.fc38.x86_64
fail2ban-sendmail-0:1.0.2-2.fc38.noarch
fvwm-0:2.7.0-3.fc38.x86_64
hylafax+-client-0:7.0.7-1.fc39.i686
hylafax+-client-0:7.0.7-1.fc39.x86_64
mgetty-0:1.2.1-18.fc38.x86_64
quilt-0:0.67-4.fc39.noarch
redhat-lsb-core-0:4.1-60.fc38.i686
redhat-lsb-core-0:4.1-60.fc38.x86_64
spamass-milter-0:0.4.0-24.fc38.x86_64
uudeview-0:0.5.20-51.fc38.x86_64
websec-0:1.9.0-34.fc38.noarch
x509watch-0:0.6.1-14.fc38.noarch
Thus, when asking dnf to install one of the packages above, it will also
install another mta from the list below if none of them is already installed.
Likely esmtp in my experience (likely because it's the first alphabetically).
esmtp-0:1.2-21.fc38.x86_64
exim-0:4.96-8.fc38.x86_64
opensmtpd-0:6.8.0p2-11.fc38.x86_64
postfix-2:3.7.4-1.fc38.x86_64
sendmail-0:8.17.1-8.fc38.x86_64
ssmtp-0:2.64-32.fc38.x86_64
Having msmtp already installed should be enough to satisfy /usr/sbin/sendmail
requirement, and no other MTA should be installed as part of installing another
package.
Version-Release number of selected component (if applicable):
msmtp-1.8.23-1.fc38.x86_64
How reproducible:
When installing a package that requires /usr/bin/sendmail when no other MTA
is installed.
Steps to Reproduce:
1. dnf install msmtp
2. dnf install arpwatch
Actual results:
"dnf install arpwatch" installs arpwatch and esmtp
Expected results:
"dnf install arpwatch" would install only arpwatch
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2176591
https://bugzilla.redhat.com/show_bug.cgi?id=2208403
Bug ID: 2208403
Summary: busybox-1.36.1 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: busybox
Keywords: FutureFeature, Triaged
Assignee: spotrh(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: admiller(a)redhat.com, davide(a)cavalca.name,
dvlasenk(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
spotrh(a)gmail.com
Target Milestone: ---
Classification: Fedora
Releases retrieved: 1.36.1
Upstream release that is considered latest: 1.36.1
Current version/release in rawhide: 1.36.0-2.fc38
URL: https://www.busybox.net/
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M…
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/230/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/busybox
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2208403
https://bugzilla.redhat.com/show_bug.cgi?id=2093731
Bug ID: 2093731
Summary: zbarimg does not read a Code 128 barcode
Product: Fedora
Version: 36
Status: NEW
Component: zbar
Severity: high
Assignee: gwync(a)protonmail.com
Reporter: cristian.ciupitu(a)yahoo.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dougsland(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
gwync(a)protonmail.com, mchehab(a)infradead.org,
mr.marcelo.barbosa(a)gmail.com, negativo17(a)gmail.com
Target Milestone: ---
Classification: Fedora
Created attachment 1886898
--> https://bugzilla.redhat.com/attachment.cgi?id=1886898&action=edit
Code 128 barcode
Description of problem:
zbarimg does not read a Code 128 barcode
Version-Release number of selected component (if applicable):
zbar-0.23.90-1.fc36.x86_64
How reproducible:
Every time
Steps to Reproduce:
1. zbarimg barcode.png
Actual results:
scanned 0 barcode symbols from 1 images in 0 seconds
WARNING: barcode data was not detected in some image(s)
Things to check:
- is the barcode type supported? Currently supported symbologies are:
. EAN/UPC (EAN-13, EAN-8, EAN-2, EAN-5, UPC-A, UPC-E, ISBN-10, ISBN-13)
. DataBar, DataBar Expanded
. Code 128
. Code 93
. Code 39
. Codabar
. Interleaved 2 of 5
. QR code
. SQ code
. PDF 417
- is the barcode large enough in the image?
- is the barcode mostly in focus?
- is there sufficient contrast/illumination?
- If the symbol is split in several barcodes, are they combined in one image?
- Did you enable the barcode type?
some EAN/UPC codes are disabled by default. To enable all, use:
$ zbarimg -S*.enable <files>
Please also notice that some variants take precedence over others.
Due to that, if you want, for example, ISBN-10, you should do:
$ zbarimg -Sisbn10.enable <files>
Expected results:
(Code 128) 755897201062022179.73
Additional info:
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2093731