https://bugzilla.redhat.com/show_bug.cgi?id=2278870
Bug ID: 2278870
Summary: CVE-2023-44452 xreader: Argument Injection during
parsing of CBT files [epel-7]
Product: Fedora EPEL
Version: epel7
Status: NEW
Component: xreader
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: riehecky(a)fnal.gov
Reporter: trathi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
leigh123linux(a)googlemail.com, riehecky(a)fnal.gov
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2278867
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2278870
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…
https://bugzilla.redhat.com/show_bug.cgi?id=2278871
Bug ID: 2278871
Summary: CVE-2023-44451 xreader: path traversal when extracting
files [epel-7]
Product: Fedora EPEL
Version: epel7
Status: NEW
Component: xreader
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: riehecky(a)fnal.gov
Reporter: trathi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
leigh123linux(a)googlemail.com, riehecky(a)fnal.gov
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2278868
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
https://bugzilla.redhat.com/show_bug.cgi?id=2278087
Bug ID: 2278087
Summary: freeimage: Rebuild against LibRaw 0.21.1 in RHEL 9.4
Product: Fedora EPEL
Version: epel9
Status: NEW
Component: freeimage
Assignee: carl(a)redhat.com
Reporter: carl(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: bruno(a)wolff.to, carl(a)redhat.com, debarshir(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
extras-qa(a)fedoraproject.org, hobbes1069(a)gmail.com,
i(a)cicku.me, manisandro(a)gmail.com
Target Milestone: ---
Classification: Fedora
+++ This bug was initially created as a clone of Bug #2245061 +++
LibRaw was recently rebased to 0.21.1 in CentOS Stream 9 aimed at RHEL 9.4:
https://issues.redhat.com/browse/RHEL-768
This alters the sonames exported by LibRaw, and therefore freeimage needs to be
rebuilt against the new sonames.
To fix this for CentOS Stream 9 users, before RHEL 9.4 is released, we need an
epel9-next branch for freeimage:
https://docs.fedoraproject.org/en-US/epel/epel-about-next/
--- Additional comment from Carl George 🤠 on 2023-11-22 03:02:20 UTC ---
This is fixed for CentOS Stream 9 users by this update:
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-NEXT-2023-cd838eb01e
https://bugzilla.redhat.com/show_bug.cgi?id=2278076
Bug ID: 2278076
Summary: Rebuild against LibRaw 0.21.1 in RHEL 9.4
Product: Fedora EPEL
Version: epel9
Status: NEW
Component: OpenImageIO
Keywords: Reopened
Assignee: hobbes1069(a)gmail.com
Reporter: carl(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: carl(a)redhat.com, debarshir(a)redhat.com,
epel-packagers-sig(a)lists.fedoraproject.org,
extras-qa(a)fedoraproject.org, hobbes1069(a)gmail.com
Target Milestone: ---
Classification: Fedora
+++ This bug was initially created as a clone of Bug #2245057 +++
LibRaw was recently rebased to 0.21.1 in CentOS Stream 9 aimed at RHEL 9.4:
https://issues.redhat.com/browse/RHEL-768
This alters the sonames exported by LibRaw, and therefore OpenImageIO needs to
be rebuilt against the new sonames.
To fix this for CentOS Stream 9 users, before RHEL 9.4 is released, we need an
epel9-next branch for OpenImageIO:
https://docs.fedoraproject.org/en-US/epel/epel-about-next/
--- Additional comment from Carl George 🤠 on 2023-11-22 03:25:05 UTC ---
Friendly ping, this blocks CentOS Stream 9 users with this package installed
from fully updating their systems, or installing other packages that link
against the latest LibRaw. If a maintainer can request the epel9-next branch,
I can complete the necessary rebuild. A scratch build based on the epel9
branch completed successfully.
https://koji.fedoraproject.org/koji/taskinfo?taskID=109379868
--- Additional comment from Fedora Update System on 2023-11-22 05:32:00 UTC ---
FEDORA-EPEL-2023-639e141f60 has been submitted as an update to Fedora EPEL 9.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-639e141f60
--- Additional comment from Richard Shaw on 2023-11-22 13:59:38 UTC ---
Thanks for the reminder. Update submitted.
--- Additional comment from Fedora Update System on 2023-11-23 03:01:55 UTC ---
FEDORA-EPEL-2023-639e141f60 has been pushed to the Fedora EPEL 9 testing
repository.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-639e141f60
See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information
on how to test updates.
--- Additional comment from Carl George 🤠 on 2023-11-30 05:43:46 UTC ---
This update installs fine on RHEL, but doesn't resolve the issue in this bug.
It is simple to reproduce on CentOS Stream 9.
dnf install OpenImageIO
dnf update
Error:
Problem: package OpenImageIO-2.4.17.0-1.el9.x86_64 from @System requires
libraw_r.so.20()(64bit), but none of the providers can be installed
- cannot install both LibRaw-0.21.1-1.el9.x86_64 from appstream and
LibRaw-0.20.2-6.el9.x86_64 from @System
- cannot install both LibRaw-0.21.1-1.el9.x86_64 from appstream and
LibRaw-0.20.2-4.el9.x86_64 from appstream
- cannot install both LibRaw-0.21.1-1.el9.x86_64 from appstream and
LibRaw-0.20.2-5.el9.x86_64 from appstream
- cannot install both LibRaw-0.21.1-1.el9.x86_64 from appstream and
LibRaw-0.20.2-6.el9.x86_64 from appstream
- cannot install the best update candidate for package
OpenImageIO-2.4.17.0-1.el9.x86_64
- cannot install the best update candidate for package
LibRaw-0.20.2-6.el9.x86_64
An epel9-next branch must be requested so that an EPEL 9 Next build can be
created that properly links against libraw_r.so.23. Please run the following
commands from within the cloned dist-git repo:
fedpkg request-branch epel9-next
(wait a few minutes for the branch to be created)
git fetch
git switch epel9-next
git merge epel9
git push
fedpkg build
fedpkg update --type bugfix --notes "Rebuilt for LibRaw soname change" --bugs 2245057
This will give us separate OpenImageIO-2.4.17.0-1.el9 and
OpenImageIO-2.4.17.0-1.el9.next builds, for RHEL and CentOS respectively. When
that LibRaw change lands in RHEL 9.4, the epel9 branch can have the release
bumped to 2, which will be a proper upgrade path for both RHEL and CentOS
users.
--- Additional comment from Debarshi Ray on 2023-11-30 13:17:48 UTC ---
(In reply to Carl George 🤠 from comment #5)
> This update installs fine on RHEL, but doesn't resolve the issue in this
> bug. It is simple to reproduce on CentOS Stream 9.
Thanks for the testing, Carl! Reopening.
--- Additional comment from Fedora Update System on 2023-12-01 02:15:26 UTC ---
FEDORA-EPEL-2023-639e141f60 has been pushed to the Fedora EPEL 9 stable
repository.
If the problem still persists, please make note of it in this bug report.
--- Additional comment from Richard Shaw on 2023-12-01 13:13:56 UTC ---
Posting the new error would help as I don't know why a rebuild wouldn't fix it.
--- Additional comment from Debarshi Ray on 2023-12-01 15:04:46 UTC ---
(In reply to Richard Shaw from comment #8)
> Posting the new error would help as I don't know why a rebuild wouldn't fix
> it.
Please see comment 5. Carl already explained it. OpenImageIO needs an
epel9-next, and that's where it should be rebuilt against the LibRaw that's in
CentOS Stream 9.
--- Additional comment from Carl George 🤠 on 2023-12-01 18:03:01 UTC ---
> Posting the new error would help as I don't know why a rebuild wouldn't fix it.
The new build was built against RHEL 9 and libraw_r.so.20
(LibRaw-0.20.2-6.el9). CentOS Stream 9 now has libraw_r.so.23
(LibRaw-0.21.1-1.el9). It is planned for RHEL 9 to get libraw_r.so.23 next
year. Normally packages built against RHEL work on both RHEL and CentOS,
however in situations like this where a library soname is different for a
period of time, maintainers need to do an additional build in EPEL Next. This
is explained in further detail in the EPEL Next documentation.
https://docs.fedoraproject.org/en-US/epel/epel-about-next/
As a proven packager, I can resolve this for you, I just can't request the
epel9-next branch because I'm not a maintainer of the package. If you run
`fedpkg request-branch epel9-next`, I'll take care of the rest. Alternatively,
if you give the epel-packagers-sig group commit or collaborator access to the
package, that will allow me to request the branch myself.
--- Additional comment from Richard Shaw on 2023-12-01 23:39:15 UTC ---
I've added epel-packagers-sig as a collaborator to epel* and requested the
branch, see: https://pagure.io/releng/fedora-scm-requests/issue/58580
--- Additional comment from Fedora Update System on 2023-12-02 06:34:02 UTC ---
FEDORA-EPEL-NEXT-2023-9fb0826d21 has been submitted as an update to Fedora EPEL
9 Next.
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-NEXT-2023-9fb0826d21
--- Additional comment from Fedora Update System on 2023-12-03 01:56:30 UTC ---
FEDORA-EPEL-NEXT-2023-9fb0826d21 has been pushed to the Fedora EPEL 9 Next
testing repository.
You can provide feedback for this update here:
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-NEXT-2023-9fb0826d21
See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information
on how to test updates.
--- Additional comment from Fedora Update System on 2023-12-11 01:41:46 UTC ---
FEDORA-EPEL-NEXT-2023-9fb0826d21 has been pushed to the Fedora EPEL 9 Next
stable repository.
If the problem still persists, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=2279288
Bug ID: 2279288
Summary: F41FailsToInstall: OpenColorIO
Product: Fedora
Version: rawhide
Status: NEW
Component: OpenColorIO
Assignee: hobbes1069(a)gmail.com
Reporter: fti-bugs(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
hobbes1069(a)gmail.com
Blocks: 2260877 (F41FailsToInstall,RAWHIDEFailsToInstall)
Target Milestone: ---
Classification: Fedora
Hello,
Please note that this comment was generated automatically by
https://pagure.io/releng/blob/main/f/scripts/ftbfs-fti/follow-policy.py
If you feel that this output has mistakes, please open an issue at
https://pagure.io/releng/
Your package (OpenColorIO) Fails To Install in Fedora 41:
can't install OpenColorIO:
- nothing provides libpystring.so.0.0()(64bit) needed by
OpenColorIO-2.3.2-1.fc41.x86_64
If you know about this problem and are planning on fixing it, please
acknowledge so by setting the bug status to ASSIGNED. If you don't have time to
maintain this package, consider orphaning it, so maintainers of dependent
packages realize the problem.
If you don't react accordingly to the policy for FTBFS/FTI bugs
(https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails…)
your package may be orphaned in 8+ weeks.
P.S. The data was generated solely from koji buildroot, so it might be newer
than the latest compose or the content on mirrors. To reproduce, use the
koji/local repo only, e.g. in mock:
$ mock -r fedora-41-x86_64 --config-opts mirrored=False install OpenColorIO
P.P.S. If this bug has been reported in the middle of upgrading multiple
dependent packages, please consider using side tags:
https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/#updating-inter-d…
Thanks!
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2260877
[Bug 2260877] Fedora 41 Fails To install Tracker
https://bugzilla.redhat.com/show_bug.cgi?id=2279746
Bug ID: 2279746
Summary: ImageMagick-libs depends on libraw_r.so.32
Product: Fedora EPEL
Version: epel9
OS: Linux
Status: NEW
Component: ImageMagick
Assignee: luya_tfz(a)thefinalzone.net
Reporter: duncan.mortimer(a)ndcn.ox.ac.uk
QA Contact: extras-qa(a)fedoraproject.org
CC: blaise(a)gmail.com, davide(a)cavalca.name,
epel-packagers-sig(a)lists.fedoraproject.org,
fedora(a)famillecollet.com, luya_tfz(a)thefinalzone.net,
michel(a)michel-slm.name, ngompa13(a)gmail.com,
pampelmuse(a)gmx.at, sergio(a)serjux.com
Target Milestone: ---
Classification: Fedora
Description of problem:
ImageMagick-libs depends on missing library:
sudo dnf install ImageMagick-libs
Bad id for repo: TurboVNC official RPMs, byte = 8
No read/execute access in current directory, moving to /
Last metadata expiration check: 0:00:52 ago on Wed 08 May 2024 14:55:33 BST.
Error:
Problem: conflicting requests
- nothing provides libraw_r.so.23()(64bit) needed by
ImageMagick-libs-6.9.12.93-2.el9.x86_64 from epel
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use
not only best candidate packages)
Version-Release number of selected component (if applicable):
6.9.12.93-2
How reproducible:
Every time
Steps to Reproduce:
1. dnf install ImageMagick-libs
Actual results:
Error:
Problem: conflicting requests
- nothing provides libraw_r.so.23()(64bit) needed by
ImageMagick-libs-6.9.12.93-2.el9.x86_64 from epel
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use
not only best candidate packages)
Expected results:
ImageMagick-libs installs
Additional info:
This worked previously. Attempted to install updates today and got this error.
Removed RPM and dependent packages (caja-image-converter and eom), updated and
tried re-installing and get this error.
I do not have EPEL-next installed/enabled.
https://bugzilla.redhat.com/show_bug.cgi?id=2279745
Bug ID: 2279745
Summary: ImageMagick 6.9.12.93-2.el9 does not install due to
missing libraw_r.so.23()(64bit)
Product: Fedora EPEL
Version: epel9
Hardware: x86_64
OS: Linux
Status: NEW
Component: ImageMagick
Assignee: luya_tfz(a)thefinalzone.net
Reporter: kiltedknight(a)verizon.net
QA Contact: extras-qa(a)fedoraproject.org
CC: blaise(a)gmail.com, davide(a)cavalca.name,
epel-packagers-sig(a)lists.fedoraproject.org,
fedora(a)famillecollet.com, luya_tfz(a)thefinalzone.net,
michel(a)michel-slm.name, ngompa13(a)gmail.com,
pampelmuse(a)gmx.at, sergio(a)serjux.com
Target Milestone: ---
Classification: Fedora
Description of problem:
Cannot upgrade to ImageMagick 6.9.12.93-2.el9 due to missing requirements
Version-Release number of selected component (if applicable):
6.9.12.93-2.el9
How reproducible:
run "dnf upgrade"
Steps to Reproduce:
1. Enable EPEL repository
2. Run "dnf upgrade"
Actual results:
$ sudo dnf upgrade
Last metadata expiration check: 0:03:30 ago on Wed 08 May 2024 09:43:51 AM EDT.
Error:
Problem 1: cannot install the best update candidate for package
ImageMagick-libs-6.9.12.93-1.el9.x86_64
- nothing provides libraw_r.so.23()(64bit) needed by
ImageMagick-libs-6.9.12.93-2.el9.x86_64 from epel
Problem 2: package ImageMagick-6.9.12.93-2.el9.x86_64 from epel requires
ImageMagick-libs(x86-64) = 6.9.12.93-2.el9, but none of the providers can be
installed
- cannot install the best update candidate for package
ImageMagick-6.9.12.93-1.el9.x86_64
- nothing provides libraw_r.so.23()(64bit) needed by
ImageMagick-libs-6.9.12.93-2.el9.x86_64 from epel
(try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use
not only best candidate packages)
Expected results:
Packages update normally
Additional info:
Enabled repositories:
$ sudo dnf repolist
repo id                 repo name
appstream               Rocky Linux 9 - AppStream
baseos                  Rocky Linux 9 - BaseOS
cloudstack              Apache CloudStack for Enterprise Linux 9 - x86_64
crb                     Rocky Linux 9 - CRB
epel                    Extra Packages for Enterprise Linux 9 - x86_64
epel-cisco-openh264     Extra Packages for Enterprise Linux 9 openh264 (From Cisco) - x86_64
extras                  Rocky Linux 9 - Extras
rpmfusion-free-updates  RPM Fusion for EL 9 - Free - Updates
https://bugzilla.redhat.com/show_bug.cgi?id=2158666
Orion Poplawski <orion(a)nwra.com> changed:
What      | Removed          | Added
----------------------------------------------------------------------------
Product   | Fedora           | Fedora EPEL
Version   | 38               | epel9
Assignee  | orion(a)nwra.com | thunderbirdtr@fedoraproject.org
CC        |                  | epel-packagers-sig(a)lists.fedoraproject.org, gui1ty(a)penguinpee.nl, jonathan(a)almalinux.org, manisandro(a)gmail.com, thunderbirdtr@fedoraproject.org
Component | python-pyqt6     | python-pyqt6
https://bugzilla.redhat.com/show_bug.cgi?id=2279381
Bug ID: 2279381
Summary: Apparent AMDGPU crash after resuming from suspend
Product: Fedora
Version: 40
Hardware: x86_64
OS: Linux
Status: NEW
Component: cinnamon-session
Keywords: Desktop
Severity: medium
Assignee: leigh123linux(a)googlemail.com
Reporter: roguefortus(a)protonmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: epel-packagers-sig(a)lists.fedoraproject.org,
leigh123linux(a)googlemail.com, riehecky(a)fnal.gov
Target Milestone: ---
Classification: Fedora
I’ve been having suspend/resume issues on KDE and I’ve moved to Cinnamon to
clear out from Qt DEs. So far, I haven’t run into an issue with suspending/resuming
my machine, until now.
Yesterday I suspended without any issues, but after resuming I had no monitor
signal. I had no ability to go to a TTY, as such I had to hard reset.
I looked at the Journalctl logs and it seems that my GPU crashed on resume? I
don’t know, there are a lot of AMDGPU related errors.
Reproducible: Didn't try
Steps to Reproduce:
1. Click the start menu
2. Click the turn off button (this will bring a window asking if I want to turn
off the PC while a 60 second countdown begins)
3. Click "Suspend"
4. After suspending, wake up the system.
Actual Results:
No video signal of any kind.
Expected Results:
I should be seeing Cinnamon's lock screen.