February 2024 - Epel-packagers-sig - Fedora Mailing-Lists

[Bug 2223821] New: TRIAGE-CVE-2023-2975 openssl3: openSSL: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries [epel-8]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2223821 Bug ID: 2223821 Summary: TRIAGE-CVE-2023-2975 openssl3: openSSL: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: saroy(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2223016 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2223821 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 week, 2 days

1
6
0 / 0

[Bug 2211109] New: CVE-2023-2650 openssl3: openssl: Possible DoS translating ASN.1 object identifiers [epel-8]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2211109 Bug ID: 2211109 Summary: CVE-2023-2650 openssl3: openssl: Possible DoS translating ASN.1 object identifiers [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: michel(a)michel-slm.name Reporter: saroy(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2207947 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2211109

1 week, 2 days

1
6
0 / 0

[Bug 2188526] New: CVE-2023-1255 openssl3: openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM [epel-8]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2188526 Bug ID: 2188526 Summary: CVE-2023-1255 openssl3: openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: saroy(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2188461 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2188526

1 week, 2 days

1
6
0 / 0

[Bug 2182602] New: CVE-2023-0466 openssl3: openssl: Certificate policy check not enabled [epel-8]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2182602 Bug ID: 2182602 Summary: CVE-2023-0466 openssl3: openssl: Certificate policy check not enabled [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: trathi(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2182565 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2182602

1 week, 2 days

1
6
0 / 0

[Bug 2182590] New: CVE-2023-0465 openssl3: openssl: Invalid certificate policies in leaf certificates are silently ignored [epel-8]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2182590 Bug ID: 2182590 Summary: CVE-2023-0465 openssl3: openssl: Invalid certificate policies in leaf certificates are silently ignored [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: openssl3 Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: michel(a)michel-slm.name Reporter: trathi(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, michel(a)michel-slm.name Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2182561 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2182590

1 week, 2 days

1
6
0 / 0

[Bug 2258263] New: spdlog-1.13.0 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2258263 Bug ID: 2258263 Summary: spdlog-1.13.0 is available Product: Fedora Version: rawhide Status: NEW Component: spdlog Keywords: FutureFeature, Triaged Assignee: vitaly(a)easycoding.org Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, logans(a)cottsay.net, thunderbirdtr(a)fedoraproject.org, vitaly(a)easycoding.org Target Milestone: --- Classification: Fedora Releases retrieved: 1.13.0 Upstream release that is considered latest: 1.13.0 Current version/release in rawhide: 1.12.0-2.fc39 URL: https://github.com/gabime/spdlog/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release... Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/15599/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/spdlog -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2258263 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 week, 2 days

1
2
0 / 0

[Bug 2263999] New: Drop i686 support from python-pandas

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2263999 Bug ID: 2263999 Summary: Drop i686 support from python-pandas Product: Fedora Version: rawhide OS: Linux Status: NEW Component: python-pandas Keywords: Improvement, RFE, Upstream Severity: medium Assignee: jonathan(a)almalinux.org Reporter: gui1ty(a)penguinpee.nl QA Contact: extras-qa(a)fedoraproject.org CC: epel-packagers-sig(a)lists.fedoraproject.org, jonathan(a)almalinux.org, mail(a)kushaldas.in, neuro-sig(a)lists.fedoraproject.org, orion(a)nwra.com, python-packagers-sig(a)lists.fedoraproject.org, sergio.pasra(a)gmail.com, tomspur(a)fedoraproject.org, wfp5p(a)worldbroken.com Target Milestone: --- Classification: Fedora Upstream has plans[0] for adding a dependency on PyArrow in the next major release (3.0). With `libarrow`[1] excluding `%{ix86}` and `%{arm}` we need to follow suit. Since a lot of packages depend on pandas, we should set that in motion now. Even if upstream should decide not to depend on PyArrow, this effort is still worth it as a continuation of the i686 leaf removal effort[2] from a view release back. Besides, upstream has dropped 32-bit support in pandas a while back. Thus, this brings us in line with upstream. [0] https://github.com/pandas-dev/pandas/issues/54466 [1] https://src.fedoraproject.org/rpms/libarrow [2] https://fedoraproject.org/wiki/Changes/EncourageI686LeafRemoval Reproducible: Always -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2263999 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 week, 3 days

1
25
0 / 0

[Bug 2259558] New: F40FailsToInstall: blender

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2259558 Bug ID: 2259558 Summary: F40FailsToInstall: blender Product: Fedora Version: rawhide Status: NEW Component: blender Assignee: luya_tfz(a)thefinalzone.net Reporter: fti-bugs(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: code(a)musicinmybrain.net, design-devel(a)lists.fedoraproject.org, epel-packagers-sig(a)lists.fedoraproject.org, kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net, negativo17(a)gmail.com Blocks: 2231790 (F40FailsToInstall,RAWHIDEFailsToInstall) Target Milestone: --- Classification: Fedora Hello, Please note that this comment was generated automatically by https://pagure.io/releng/blob/main/f/scripts/ftbfs-fti/follow-policy.py If you feel that this output has mistakes, please open an issue at https://pagure.io/releng/ Your package (blender) Fails To Install in Fedora 40: can't install blender: - nothing provides libboost_python312.so.1.81.0()(64bit) needed by blender-1:4.0.2-1.fc40.x86_64 - nothing provides libopenvdb.so.10.1()(64bit) needed by blender-1:4.0.2-1.fc40.x86_64 - nothing provides libboost_locale.so.1.81.0()(64bit) needed by blender-1:4.0.2-1.fc40.x86_64 If you know about this problem and are planning on fixing it, please acknowledge so by setting the bug status to ASSIGNED. If you don't have time to maintain this package, consider orphaning it, so maintainers of dependent packages realize the problem. If you don't react accordingly to the policy for FTBFS/FTI bugs (https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fai...), your package may be orphaned in 8+ weeks. P.S. The data was generated solely from koji buildroot, so it might be newer than the latest compose or the content on mirrors. To reproduce, use the koji/local repo only, e.g. in mock: $ mock -r fedora-40-x86_64 --config-opts mirrored=False install blender P.P.S. If this bug has been reported in the middle of upgrading multiple dependent packages, please consider using side tags: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/#updating-inter... Thanks! Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2231790 [Bug 2231790] Fedora 40 Fails To install Tracker -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2259558 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

2 weeks

1
22
0 / 0

[Bug 2261013] New: blender: FTBFS in Fedora rawhide/f40

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2261013 Bug ID: 2261013 Summary: blender: FTBFS in Fedora rawhide/f40 Product: Fedora Version: rawhide Status: NEW Component: blender Assignee: luya_tfz(a)thefinalzone.net Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: code(a)musicinmybrain.net, design-devel(a)lists.fedoraproject.org, epel-packagers-sig(a)lists.fedoraproject.org, kwizart(a)gmail.com, luya_tfz(a)thefinalzone.net, negativo17(a)gmail.com Blocks: 2231791 (F40FTBFS) Target Milestone: --- Classification: Fedora blender failed to build from source in Fedora rawhide/f40 https://koji.fedoraproject.org/koji/taskinfo?taskID=112197970 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild Please fix blender at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, blender will be orphaned. Before branching of Fedora 41, blender will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fai... Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2231791 [Bug 2231791] Fedora 40 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2261013 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

2 weeks, 1 day

1
18
0 / 0

[Bug 2248129] New: python-pyqt6 fails to build with Python 3.13: RecursionError: maximum recursion depth exceeded in comparison

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2248129 Bug ID: 2248129 Summary: python-pyqt6 fails to build with Python 3.13: RecursionError: maximum recursion depth exceeded in comparison Product: Fedora Version: rawhide Status: NEW Component: python-pyqt6 Assignee: thunderbirdtr(a)fedoraproject.org Reporter: ksurma(a)redhat.com CC: epel-packagers-sig(a)lists.fedoraproject.org, jonathan(a)almalinux.org, kde-sig(a)lists.fedoraproject.org, ksurma(a)redhat.com, manisandro(a)gmail.com, mhroncok(a)redhat.com, thunderbirdtr(a)fedoraproject.org Blocks: 2244836 (PYTHON3.13) Target Milestone: --- Classification: Fedora python-pyqt6 fails to build with Python 3.13.0a1. WARNING: Couldn't create 'sipbuild.generator.parser.parsetab'. [Errno 13] Permission denied: '/usr/lib64/python3.13/site-packages/sipbuild/generator/parser/parsetab.py' Generating the QtCore .api file... Generating the QtCore .pyi file... sip-build: An internal error occurred... Traceback (most recent call last): File "/usr/bin/sip-build", line 8, in <module> sys.exit(main()) ^^^^^^ File "/usr/lib64/python3.13/site-packages/sipbuild/tools/build.py", line 37, in main handle_exception(e) File "/usr/lib64/python3.13/site-packages/sipbuild/exceptions.py", line 81, in handle_exception raise e File "/usr/lib64/python3.13/site-packages/sipbuild/tools/build.py", line 34, in main project.build() File "/usr/lib64/python3.13/site-packages/sipbuild/project.py", line 245, in build self.builder.build() File "/usr/lib64/python3.13/site-packages/sipbuild/builder.py", line 48, in build self._generate_bindings() File "/usr/lib64/python3.13/site-packages/sipbuild/builder.py", line 280, in _generate_bindings buildable = bindings.generate() ^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.13/site-packages/sipbuild/bindings.py", line 214, in generate output_pyi(spec, project, pyi_path) File "/usr/lib64/python3.13/site-packages/sipbuild/generator/outputs/pyi.py", line 53, in output_pyi _module(pf, spec, module) File "/usr/lib64/python3.13/site-packages/sipbuild/generator/outputs/pyi.py", line 132, in _module _class(pf, spec, module, klass, defined) File "/usr/lib64/python3.13/site-packages/sipbuild/generator/outputs/pyi.py", line 282, in _class _ctor(pf, spec, module, ctor, nr_overloads > 1, defined, indent) File "/usr/lib64/python3.13/site-packages/sipbuild/generator/outputs/pyi.py", line 356, in _ctor as_str = _argument(spec, module, arg, defined, arg_nr=arg_nr) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.13/site-packages/sipbuild/generator/outputs/pyi.py", line 676, in _argument s += _type(spec, module, arg, defined, out=out) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.13/site-packages/sipbuild/generator/outputs/pyi.py", line 710, in _type return ArgumentFormatter(spec, arg).as_type_hint(module, out, defined) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.13/site-packages/sipbuild/generator/outputs/formatters/argument.py", line 327, in as_type_hint s += TypeHintManager(self.spec).as_type_hint(hint, out, context, ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib64/python3.13/site-packages/sipbuild/generator/outputs/type_hints.py", line 107, in __new__ manager = cls._spec_manager_map[spec] ~~~~~~~~~~~~~~~~~~~~~^^^^^^ File "/usr/lib64/python3.13/weakref.py", line 415, in __getitem__ return self.data[ref(key)] ~~~~~~~~~^^^^^^^^^^ File "<string>", line 4, in __eq__ File "<string>", line 4, in __eq__ File "<string>", line 4, in __eq__ [Previous line repeated 495 more times] RecursionError: maximum recursion depth exceeded in comparison https://docs.python.org/3.13/whatsnew/3.13.html For the build logs, see: https://copr-be.cloud.fedoraproject.org/results/@python/python3.13/fedora... For all our attempts to build python-pyqt6 with Python 3.13, see: https://copr.fedorainfracloud.org/coprs/g/python/python3.13/package/pytho... Testing and mass rebuild of packages is happening in copr. You can follow these instructions to test locally in mock if your package builds with Python 3.13: https://copr.fedorainfracloud.org/coprs/g/python/python3.13/ Let us know here if you have any questions. Python 3.13 is planned to be included in Fedora 41. To make that update smoother, we're building Fedora packages with all pre-releases of Python 3.13. A build failure prevents us from testing all dependent packages (transitive [Build]Requires), so if this package is required a lot, it's important for us to get it fixed soon. We'd appreciate help from the people who know this package best, but if you don't want to work on this now, let us know so we can try to work around it on our side. Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2244836 [Bug 2244836] Python 3.13 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2248129 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

2 weeks, 1 day

1
2
0 / 0

2024

2023

2022

2021

Epel-packagers-sig February 2024