January 2024 - Epel-packagers-sig - Fedora mailing-lists

[Bug 2253447] New: CVE-2023-45133 mozjs78: babel: arbitrary code execution [fedora-all]
by bugzilla＠redhat.com 16 Jan '24

16 Jan '24

https://bugzilla.redhat.com/show_bug.cgi?id=2253447 Bug ID: 2253447 Summary: CVE-2023-45133 mozjs78: babel: arbitrary code execution [fedora-all] Product: Fedora Version: 39 Status: NEW Component: mozjs78 Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: fzatlouk(a)redhat.com Reporter: ahanwate(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, fzatlouk(a)redhat.com, klember(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2245102 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2253447 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 3

[Bug 2171729] New: sedutil: FTBFS in Fedora rawhide/f38
by bugzilla＠redhat.com 16 Jan '24

16 Jan '24

https://bugzilla.redhat.com/show_bug.cgi?id=2171729 Bug ID: 2171729 Summary: sedutil: FTBFS in Fedora rawhide/f38 Product: Fedora Version: rawhide Status: NEW Component: sedutil Assignee: cra(a)fea.st Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: cra(a)fea.st, epel-packagers-sig(a)lists.fedoraproject.org, filbranden(a)gmail.com Blocks: 2117176 (F38FTBFS) Target Milestone: --- Classification: Fedora sedutil failed to build from source in Fedora rawhide/f38 https://koji.fedoraproject.org/koji/taskinfo?taskID=96467030 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Please fix sedutil at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, sedutil will be orphaned. Before branching of Fedora 39, sedutil will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails… Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2117176 [Bug 2117176] Fedora 38 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2171729

1 2

[Bug 2258480] New: python-nest-asyncio-1.5.9 is available
by bugzilla＠redhat.com 16 Jan '24

16 Jan '24

https://bugzilla.redhat.com/show_bug.cgi?id=2258480 Bug ID: 2258480 Summary: python-nest-asyncio-1.5.9 is available Product: Fedora Version: rawhide Status: NEW Component: python-nest-asyncio Keywords: FutureFeature, Triaged Assignee: lbalhar(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, jonathan(a)almalinux.org, lbalhar(a)redhat.com, python-packagers-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Releases retrieved: 1.5.9 Upstream release that is considered latest: 1.5.9 Current version/release in rawhide: 1.5.8-3.fc40 URL: https://pypi.org/project/nest-asyncio/1.2.1 Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/52982/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/python-nest-asyncio -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2258480 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 2

[Bug 2212443] New: python-pandas: FTBFS in Fedora 37
by bugzilla＠redhat.com 15 Jan '24

15 Jan '24

https://bugzilla.redhat.com/show_bug.cgi?id=2212443 Bug ID: 2212443 Summary: python-pandas: FTBFS in Fedora 37 Product: Fedora Version: 37 URL: https://koschei.fedoraproject.org/package/python-panda s Status: NEW Component: python-pandas Assignee: jonathan(a)almalinux.org Reporter: code(a)musicinmybrain.net QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, jonathan(a)almalinux.org, mail(a)kushaldas.in, neuro-sig(a)lists.fedoraproject.org, orion(a)nwra.com, python-packagers-sig(a)lists.fedoraproject.org, sergio.pasra(a)gmail.com, tomspur(a)fedoraproject.org, wfp5p(a)worldbroken.com Target Milestone: --- Classification: Fedora Description of problem: Package python-pandas fails to build from source in Fedora 37. Version-Release number of selected component (if applicable): 1.5.3-1.fc37 Steps to Reproduce: koji build --scratch f37 python-pandas-1.5.3-1.fc37.src.rpm Additional info: This package is tracked by Koschei. See: https://koschei.fedoraproject.org/package/python-pandas =================================== FAILURES =================================== ___________ test_construct_dask_float_array_int_dtype_match_ndarray ____________ [gw0] linux -- Python 3.11.3 /usr/bin/python3 @td.skip_if_no("dask") def test_construct_dask_float_array_int_dtype_match_ndarray(): # GH#40110 make sure we treat a float-dtype dask array with the same # rules we would for an ndarray import dask.dataframe as dd arr = np.array([1, 2.5, 3]) darr = dd.from_array(arr) res = Series(darr) expected = Series(arr) tm.assert_series_equal(res, expected) res = Series(darr, dtype="i8") expected = Series(arr, dtype="i8") tm.assert_series_equal(res, expected) msg = "In a future version, passing float-dtype values containing NaN" arr[2] = np.nan > with tm.assert_produces_warning(FutureWarning, match=msg): ../../../BUILDROOT/python-pandas-1.5.3-1.fc37.x86_64/usr/lib64/python3.11/site-packages/pandas/tests/test_downstream.py:105: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ /usr/lib64/python3.11/contextlib.py:144: in __exit__ next(self.gen) _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ def _assert_caught_no_extra_warnings( *, caught_warnings: Sequence[warnings.WarningMessage], expected_warning: type[Warning] | bool | tuple[type[Warning], ...] | None, ) -> None: """Assert that no extra warnings apart from the expected ones are caught.""" extra_warnings = [] for actual_warning in caught_warnings: if _is_unexpected_warning(actual_warning, expected_warning): # GH#38630 pytest.filterwarnings does not suppress these. if actual_warning.category == ResourceWarning: # GH 44732: Don't make the CI flaky by filtering SSL-related # ResourceWarning from dependencies unclosed_ssl = ( "unclosed transport <asyncio.sslproto._SSLProtocolTransport", "unclosed <ssl.SSLSocket", ) if any(msg in str(actual_warning.message) for msg in unclosed_ssl): continue # GH 44844: Matplotlib leaves font files open during the entire process # upon import. Don't make CI flaky if ResourceWarning raised # due to these open files. if any("matplotlib" in mod for mod in sys.modules): continue extra_warnings.append( ( actual_warning.category.__name__, actual_warning.message, actual_warning.filename, actual_warning.lineno, ) ) if extra_warnings: > raise AssertionError(f"Caused unexpected warning(s): {repr(extra_warnings)}") E AssertionError: Caused unexpected warning(s): [('RuntimeWarning', RuntimeWarning('invalid value encountered in cast'), '/builddir/build/BUILDROOT/python-pandas-1.5.3-1.fc37.x86_64/usr/lib64/python3.11/site-packages/pandas/core/dtypes/cast.py', 1836)] ../../../BUILDROOT/python-pandas-1.5.3-1.fc37.x86_64/usr/lib64/python3.11/site-packages/pandas/_testing/_warnings.py:192: AssertionError _______________________ test_xarray_cftimeindex_nearest ________________________ [gw0] linux -- Python 3.11.3 /usr/bin/python3 @td.skip_if_no("cftime") @td.skip_if_no("xarray", "0.10.4") def test_xarray_cftimeindex_nearest(): # https://github.com/pydata/xarray/issues/3751 import cftime import xarray times = xarray.cftime_range("0001", periods=2) key = cftime.DatetimeGregorian(2000, 1, 1) with tm.assert_produces_warning( FutureWarning, match="deprecated", check_stacklevel=False ): > result = times.get_loc(key, method="nearest") E TypeError: CFTimeIndex.get_loc() got an unexpected keyword argument 'method' ../../../BUILDROOT/python-pandas-1.5.3-1.fc37.x86_64/usr/lib64/python3.11/site-packages/pandas/tests/test_downstream.py:131: TypeError These new errors were caused by dependency updates; numpy 1:1.24.3-1.fc37 and python-xarray 2023.4.2-2.fc37 are likely involved. I’m not inclined to put a lot of effort into backporting changes from a more recent version of Pandas. If we want to fix the FTBFS, it may be just to skip these two tests and pretend everything is OK. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2212443

1 2

[Bug 2211786] New: [abrt] cinnamon: __init__(): Gtk.py:519:__init__:RuntimeError: Gtk couldn't be initialized. Use Gtk.init_check() if you want to handle this case.
by bugzilla＠redhat.com 15 Jan '24

15 Jan '24

https://bugzilla.redhat.com/show_bug.cgi?id=2211786 Bug ID: 2211786 Summary: [abrt] cinnamon: __init__(): Gtk.py:519:__init__:RuntimeError: Gtk couldn't be initialized. Use Gtk.init_check() if you want to handle this case. Product: Fedora Version: 37 Hardware: x86_64 Status: NEW Whiteboard: abrt_hash:594c08851c7c6aff59b74e76fb39c2b26a27058a; Component: cinnamon Assignee: leigh123linux(a)googlemail.com Reporter: gui1ty(a)penguinpee.nl QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, leigh123linux(a)googlemail.com, miketwebster(a)gmail.com, riehecky(a)fnal.gov Target Milestone: --- Classification: Fedora Version-Release number of selected component: cinnamon-5.6.8-2.fc37 Additional info: reporter: libreport-2.17.10 cgroup: 0::/user.slice/user-1000.slice/session-28.scope cmdline: /usr/bin/python3 /usr/bin/cinnamon-close-dialog 50331668 Desktop crash_function: __init__ exception_type: RuntimeError executable: /usr/bin/cinnamon-close-dialog interpreter: python3-3.11.3-2.fc37.x86_64 kernel: 6.2.14-200.fc37.x86_64 runlevel: N 5 type: Python3 uid: 1000 Truncated backtrace: Gtk.py:519:__init__:RuntimeError: Gtk couldn't be initialized. Use Gtk.init_check() if you want to handle this case. Traceback (most recent call last): File "/usr/bin/cinnamon-close-dialog", line 98, in <module> dialog = CloseDialog(args.xid, args.message) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/bin/cinnamon-close-dialog", line 29, in __init__ XApp.GtkWindow.__init__(self, File "/usr/lib/python3.11/site-packages/gi/overrides/Gtk.py", line 519, in __init__ raise RuntimeError( RuntimeError: Gtk couldn't be initialized. Use Gtk.init_check() if you want to handle this case. Local variables in innermost frame: self: <__main__.CloseDialog object at 0x7fecac30de80 (uninitialized at 0x(nil))> args: () kwargs: {'resizable': False, 'modal': True, 'type_hint': <enum GDK_WINDOW_TYPE_HINT_DIALOG of type Gdk.WindowTypeHint>} Potential duplicate: bug 1750018 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2211786

1 2

[Bug 2208213] New: Plugins for X3D & BVH doesn't compatible with Python 3.11
by bugzilla＠redhat.com 15 Jan '24

15 Jan '24

https://bugzilla.redhat.com/show_bug.cgi?id=2208213 Bug ID: 2208213 Summary: Plugins for X3D & BVH doesn't compatible with Python 3.11 Product: Fedora Version: 37 OS: Linux Status: NEW Component: blender Severity: medium Assignee: luya_tfz(a)thefinalzone.net Reporter: sunhaitao(a)devtaste.com QA Contact: extras-qa(a)fedoraproject.org CC: code(a)musicinmybrain.net, design-devel(a)lists.fedoraproject.org, epel-packagers-sig(a)lists.fedoraproject.org, kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net, negativo17(a)gmail.com Target Milestone: --- Classification: Fedora The `open` function in Python 3.11 no longer supports 'U' mode. But it is still used in '/usr/share/blender/3.5/scripts/addons/io_anim_bvh/import_bvh.py' and '/usr/share/blender/3.5/scripts/addons/io_scene_x3d/import_x3d.py'. Reproducible: Always An upstream patch for this is avialable at 'https://projects.blender.org/blender/blender-addons/commit/eef2e476d384e463…'. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2208213

1 4

[Bug 2189474] New: [abrt] cinnamon: run(): utils.py:21:spawn:subprocess.CalledProcessError: Command 'chmod +x /home/ingo/.local/share/applications/Rambox --No-Sandbox --Enable-Crashpad.cinnamon-generated.desktop' returned non-zero exit status 1.
by bugzilla＠redhat.com 15 Jan '24

15 Jan '24

https://bugzilla.redhat.com/show_bug.cgi?id=2189474 Bug ID: 2189474 Summary: [abrt] cinnamon: run(): utils.py:21:spawn:subprocess.CalledProcessError: Command 'chmod +x /home/ingo/.local/share/applications/Rambox --No-Sandbox --Enable-Crashpad.cinnamon-generated.desktop' returned non-zero exit status 1. Product: Fedora Version: 37 Hardware: x86_64 Status: NEW Whiteboard: abrt_hash:78868997b76ba9dcde7249569f28c958a2e64e91;VAR IANT_ID=cinnamon; Component: cinnamon Assignee: leigh123linux(a)googlemail.com Reporter: ingobeh(a)hotmail.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, leigh123linux(a)googlemail.com, miketwebster(a)gmail.com, riehecky(a)fnal.gov Target Milestone: --- Classification: Fedora Version-Release number of selected component: cinnamon-5.6.8-2.fc37 Additional info: reporter: libreport-2.17.4 cgroup: 0::/user.slice/user-1000.slice/session-2.scope cmdline: python3 /usr/share/cinnamon/applets/grouped-window-list(a)cinnamon.org/utils.py get_process 6372 crash_function: run exception_type: subprocess.CalledProcessError executable: /usr/share/cinnamon/applets/grouped-window-list(a)cinnamon.org/utils.py interpreter: python3-3.11.3-1.fc37.x86_64 kernel: 6.2.12-200.fc37.x86_64 runlevel: N 5 type: Python3 uid: 1000 Truncated backtrace: utils.py:21:spawn:subprocess.CalledProcessError: Command 'chmod +x /home/ingo/.local/share/applications/Rambox --No-Sandbox --Enable-Crashpad.cinnamon-generated.desktop' returned non-zero exit status 1. Traceback (most recent call last): File "/usr/share/cinnamon/applets/grouped-window-list(a)cinnamon.org/utils.py", line 15, in spawn process = subprocess.run( ^^^^^^^^^^^^^^^ File "/usr/lib64/python3.11/subprocess.py", line 571, in run raise CalledProcessError(retcode, process.args, subprocess.CalledProcessError: Command '['chmod', '+x', '/home/ingo/.local/share/applications/Rambox', '--No-Sandbox', '--Enable-Crashpad.cinnamon-generated.desktop']' returned non-zero exit status 1. During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/share/cinnamon/applets/grouped-window-list(a)cinnamon.org/utils.py", line 112, in <module> handle_cli() File "/usr/share/cinnamon/applets/grouped-window-list(a)cinnamon.org/utils.py", line 105, in handle_cli spawn('chmod +x {}'.format(desktop_path)) File "/usr/share/cinnamon/applets/grouped-window-list(a)cinnamon.org/utils.py", line 21, in spawn raise subprocess.CalledProcessError(1, command) subprocess.CalledProcessError: Command 'chmod +x /home/ingo/.local/share/applications/Rambox --No-Sandbox --Enable-Crashpad.cinnamon-generated.desktop' returned non-zero exit status 1. Local variables in innermost frame: command: 'chmod +x /home/ingo/.local/share/applications/Rambox --No-Sandbox --Enable-Crashpad.cinnamon-generated.desktop' -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2189474

1 2

[Bug 2185995] New: CVE-2023-28484 mingw-libxml2: libxml2: NULL dereference in xmlSchemaFixupComplexType [fedora-all]
by bugzilla＠redhat.com 15 Jan '24

15 Jan '24

https://bugzilla.redhat.com/show_bug.cgi?id=2185995 Bug ID: 2185995 Summary: CVE-2023-28484 mingw-libxml2: libxml2: NULL dereference in xmlSchemaFixupComplexType [fedora-all] Product: Fedora Version: 37 Status: NEW Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: psampaio(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, ktietz(a)redhat.com, rjones(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2185994 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2185995

1 4

[Bug 2185987] New: CVE-2023-29469 mingw-libxml2: libxml2: Hashing of empty dict strings isn't deterministic [fedora-all]
by bugzilla＠redhat.com 15 Jan '24

15 Jan '24

https://bugzilla.redhat.com/show_bug.cgi?id=2185987 Bug ID: 2185987 Summary: CVE-2023-29469 mingw-libxml2: libxml2: Hashing of empty dict strings isn't deterministic [fedora-all] Product: Fedora Version: 37 Status: NEW Component: mingw-libxml2 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: rjones(a)redhat.com Reporter: psampaio(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, ktietz(a)redhat.com, rjones(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2185984 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2185987

1 4

[Bug 2256997] New: gtk-layer-shell-0.8.2 is available
by bugzilla＠redhat.com 14 Jan '24

14 Jan '24

https://bugzilla.redhat.com/show_bug.cgi?id=2256997 Bug ID: 2256997 Summary: gtk-layer-shell-0.8.2 is available Product: Fedora Version: rawhide Status: NEW Component: gtk-layer-shell Keywords: FutureFeature, Triaged Assignee: ego.cordatus(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: ego.cordatus(a)gmail.com, epel-packagers-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Releases retrieved: 0.8.2 Upstream release that is considered latest: 0.8.2 Current version/release in rawhide: 0.8.1-4.fc40 URL: https://github.com/wmww/gtk-layer-shell Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/198568/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/gtk-layer-shell -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2256997 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…

1 5

2025

2024

2023

2022

2021

Epel-packagers-sig January 2024