The following Fedora EPEL 9 Security updates need testing:
Age URL
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-c5986b2cf1
iaito-5.9.6-1.el9 radare2-5.9.6-1.el9
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-18565c82f2
lemonldap-ng-2.20.1-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
chafa-1.14.5-1.el9
chromium-130.0.6723.116-1.el9
csdiff-3.5.2-1.el9
csmock-3.8.0-1.el9
dav1d-1.5.0-2.el9
davfs2-1.7.0-7.el9
ffmpeg-5.1.4-3.el9
gdu-5.29.0-1.el9
libavif-0.11.1-5.el9
libavif0.10-0.10.1-2.el9
libheif-1.16.1-2.el9
nextcloud-29.0.9-1.el9
nordugrid-arc6-6.21.0-1.el9
onedrive-2.5.2-1.el9
openjph-0.18.0-1.el9
packit-0.103.0-1.el9
python-pytest-freezer-0.4.8-1.el9
rust-ariadne-0.4.1-1.el9
rust-onefetch-2.22.0-4.el9
rust-onefetch-image-2.22.0-2.el9
tito-0.6.27-1.el9
vlc-3.0.21-9.el9
xine-lib-1.2.13-4.el9
Details about builds:
================================================================================
chafa-1.14.5-1.el9 (FEDORA-EPEL-2024-995b432284)
Image-to-text converter for terminal
--------------------------------------------------------------------------------
Update Information:
update to 1.14.5
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 6 2024 Jonathan Wright <[email protected]> - 1.14.5-1
- update to 1.14.5
* Fri Jul 26 2024 Jonathan Wright <[email protected]> - 1.14.2-1
- update to 1.14.2 rhbz#2292927
--------------------------------------------------------------------------------
================================================================================
chromium-130.0.6723.116-1.el9 (FEDORA-EPEL-2024-398707b664)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
Update dav1d to version 1.5.0 to address previously unaddressed security issues
that are not feasibly addressable by backporting upstream changes.
This contains an ABI change (in dav1d 1.3.0), for which all dependent packages
were rebuilt.
EPEL Updates Policy Exception: https://pagure.io/epel/issue/299
Update chromium to version 130.0.6723.116.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 10 2024 Than Ngo <[email protected]> - 130.0.6723.116-1
- Update to 130.0.6723.116
* High CVE-2024-10826: Use after free in Family Experience
* High CVE-2024-10827: Use after free in Serial
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2264940 - CVE-2024-1580 dav1d: videolan/dav1d: integer overflow
when decoding videos with large frame size [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2264940
--------------------------------------------------------------------------------
================================================================================
csdiff-3.5.2-1.el9 (FEDORA-EPEL-2024-67f0106839)
Non-interactive tools for processing code scan results in plain-text
--------------------------------------------------------------------------------
Update Information:
update to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 11 2024 Kamil Dudka <[email protected]> - 3.5.2-1
- update to latest upstream release
--------------------------------------------------------------------------------
================================================================================
csmock-3.8.0-1.el9 (FEDORA-EPEL-2024-67f0106839)
A mock wrapper for Static Analysis tools
--------------------------------------------------------------------------------
Update Information:
update to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 11 2024 Kamil Dudka <[email protected]> - 3.8.0-1
- update to latest upstream
--------------------------------------------------------------------------------
================================================================================
dav1d-1.5.0-2.el9 (FEDORA-EPEL-2024-398707b664)
AV1 cross-platform Decoder
--------------------------------------------------------------------------------
Update Information:
Update dav1d to version 1.5.0 to address previously unaddressed security issues
that are not feasibly addressable by backporting upstream changes.
This contains an ABI change (in dav1d 1.3.0), for which all dependent packages
were rebuilt.
EPEL Updates Policy Exception: https://pagure.io/epel/issue/299
Update chromium to version 130.0.6723.116.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 21 2024 Fabio Valentini <[email protected]> - 1.5.0-2
- Revert unwanted changes to .gitignore
* Sat Oct 19 2024 Peter Robinson <[email protected]> - 1.5.0-1
- Update to 1.5.0
* Wed Jul 17 2024 Fedora Release Engineering <[email protected]> -
1.4.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jun 14 2024 Fabio Valentini <[email protected]> - 1.4.3-1
- Update to version 1.4.3; Fixes RHBZ#2269666
* Thu Feb 29 2024 Fabio Valentini <[email protected]> - 1.4.0-1
- Update to version 1.4.0; Fixes RHBZ#2264274
* Wed Jan 24 2024 Fedora Release Engineering <[email protected]> -
1.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <[email protected]> -
1.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Dec 28 2023 Fabio Valentini <[email protected]> - 1.3.0-1
- Update to version 1.3.0; Fixes RHBZ#2242012
* Wed Oct 11 2023 Miroslav Suchý <[email protected]> - 1.2.1-3
- Migrate to SPDX license
* Wed Jul 19 2023 Fedora Release Engineering <[email protected]> -
1.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2264940 - CVE-2024-1580 dav1d: videolan/dav1d: integer overflow
when decoding videos with large frame size [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2264940
--------------------------------------------------------------------------------
================================================================================
davfs2-1.7.0-7.el9 (FEDORA-EPEL-2024-70b62eb130)
A filesystem driver for WebDAV
--------------------------------------------------------------------------------
Update Information:
build for epel9/10
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 25 2024 Miroslav Suchý <[email protected]> - 1.7.0-7
- convert license to SPDX
* Wed Jul 17 2024 Fedora Release Engineering <[email protected]> -
1.7.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed Jan 24 2024 Fedora Release Engineering <[email protected]> -
1.7.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <[email protected]> -
1.7.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jul 19 2023 Fedora Release Engineering <[email protected]> -
1.7.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jan 19 2023 Fedora Release Engineering <[email protected]> -
1.7.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Nov 5 2022 Felix Schwarz <[email protected]> - 1.7.0-1
- update to 1.7.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2157884 - Please branch and build davfs2 in epel9.
https://bugzilla.redhat.com/show_bug.cgi?id=2157884
--------------------------------------------------------------------------------
================================================================================
ffmpeg-5.1.4-3.el9 (FEDORA-EPEL-2024-398707b664)
A complete solution to record, convert and stream audio and video
--------------------------------------------------------------------------------
Update Information:
Update dav1d to version 1.5.0 to address previously unaddressed security issues
that are not feasibly addressable by backporting upstream changes.
This contains an ABI change (in dav1d 1.3.0), for which all dependent packages
were rebuilt.
EPEL Updates Policy Exception: https://pagure.io/epel/issue/299
Update chromium to version 130.0.6723.116.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 6 2024 Fabio Valentini <[email protected]> - 5.1.4-3
- Rebuild for dav1d 1.5.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2264940 - CVE-2024-1580 dav1d: videolan/dav1d: integer overflow
when decoding videos with large frame size [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2264940
--------------------------------------------------------------------------------
================================================================================
gdu-5.29.0-1.el9 (FEDORA-EPEL-2024-cffbac7791)
Fast disk usage analyzer with console interface written in Go
--------------------------------------------------------------------------------
Update Information:
This is a new package. gdu is a disk usage analyzer: specify a directory to scan
or omit it to use the current directory. Once everything is scanned you can press
the ? button to show the help popup.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 10 2024 Alexey Lunev <[email protected]> - 5.29.0-1
- Initial import (Closes rhbz#2314746)
--------------------------------------------------------------------------------
================================================================================
libavif-0.11.1-5.el9 (FEDORA-EPEL-2024-398707b664)
Library for encoding and decoding .avif files
--------------------------------------------------------------------------------
Update Information:
Update dav1d to version 1.5.0 to address previously unaddressed security issues
that are not feasibly addressable by backporting upstream changes.
This contains an ABI change (in dav1d 1.3.0), for which all dependent packages
were rebuilt.
EPEL Updates Policy Exception: https://pagure.io/epel/issue/299
Update chromium to version 130.0.6723.116.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 6 2024 Fabio Valentini <[email protected]> - 0.11.1-5
- Rebuild for dav1d 1.5.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2264940 - CVE-2024-1580 dav1d: videolan/dav1d: integer overflow
when decoding videos with large frame size [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2264940
--------------------------------------------------------------------------------
================================================================================
libavif0.10-0.10.1-2.el9 (FEDORA-EPEL-2024-398707b664)
Library for encoding and decoding .avif files
--------------------------------------------------------------------------------
Update Information:
Update dav1d to version 1.5.0 to address previously unaddressed security issues
that are not feasibly addressable by backporting upstream changes.
This contains an ABI change (in dav1d 1.3.0), for which all dependent packages
were rebuilt.
EPEL Updates Policy Exception: https://pagure.io/epel/issue/299
Update chromium to version 130.0.6723.116.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 6 2024 Fabio Valentini <[email protected]> - 0.10.1-2
- Rebuild for dav1d 1.5.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2264940 - CVE-2024-1580 dav1d: videolan/dav1d: integer overflow
when decoding videos with large frame size [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2264940
--------------------------------------------------------------------------------
================================================================================
libheif-1.16.1-2.el9 (FEDORA-EPEL-2024-398707b664)
HEIF and AVIF file format decoder and encoder
--------------------------------------------------------------------------------
Update Information:
Update dav1d to version 1.5.0 to address previously unaddressed security issues
that are not feasibly addressable by backporting upstream changes.
This contains an ABI change (in dav1d 1.3.0), for which all dependent packages
were rebuilt.
EPEL Updates Policy Exception: https://pagure.io/epel/issue/299
Update chromium to version 130.0.6723.116.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 6 2024 Fabio Valentini <[email protected]> - 1.16.1-2
- Rebuild for dav1d 1.5.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2264940 - CVE-2024-1580 dav1d: videolan/dav1d: integer overflow
when decoding videos with large frame size [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2264940
--------------------------------------------------------------------------------
================================================================================
nextcloud-29.0.9-1.el9 (FEDORA-EPEL-2024-b9c08df6f6)
Private file sync and share server
--------------------------------------------------------------------------------
Update Information:
29.0.9 release
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 11 2024 Andrew Bauer <[email protected]> - 29.0.9-1
- 29.0.9 release
* Fri Oct 18 2024 Andrew Bauer <[email protected]> - 29.0.8-2
- require php-pecl-redis6 or php-pecl-redis5
--------------------------------------------------------------------------------
================================================================================
nordugrid-arc6-6.21.0-1.el9 (FEDORA-EPEL-2024-66d1ec88ff)
Advanced Resource Connector Middleware
--------------------------------------------------------------------------------
Update Information:
AEC 6.21
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 10 2024 Mattias Ellert <[email protected]> - 6.21.0-1
- Update to version 6.21.0
--------------------------------------------------------------------------------
================================================================================
onedrive-2.5.2-1.el9 (FEDORA-EPEL-2024-cc91306075)
OneDrive Free Client written in D
--------------------------------------------------------------------------------
Update Information:
Update onedrive to 2.5.2
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 14 2024 Zamir SUN <[email protected]> - 2.5.2-1
- Update to 2.5.2
- Fixes RHBZ#2315073 RHBZ#2258756
--------------------------------------------------------------------------------
================================================================================
openjph-0.18.0-1.el9 (FEDORA-EPEL-2024-319cf81904)
Open-source implementation of JPEG2000 Part-15 (or JPH or HTJ2K)
--------------------------------------------------------------------------------
Update Information:
Update to 0.18.0.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 11 2024 Simone Caronni <[email protected]> - 0.18.0-1
- Update to 0.18.0.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2314015 - Invalid instruction, sddm, gwenview and others crash
https://bugzilla.redhat.com/show_bug.cgi?id=2314015
[ 2 ] Bug #2322683 - openjph-0.18.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2322683
--------------------------------------------------------------------------------
================================================================================
packit-0.103.0-1.el9 (FEDORA-EPEL-2024-f64a35535d)
A tool for integrating upstream projects with Fedora operating system
--------------------------------------------------------------------------------
Update Information:
Automatic update for packit-0.103.0-1.el9.
Changelog for packit
* Sun Nov 10 2024 Packit <[email protected]> - 0.103.0-1
- Packit now supports and defaults to `fast_forward_merge_into` syntax via
`--dist-git-branches-mapping` in `dist-git init`. (#2456)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 10 2024 Packit <[email protected]> - 0.103.0-1
- Packit now supports and defaults to `fast_forward_merge_into` syntax via
`--dist-git-branches-mapping` in `dist-git init`. (#2456)
--------------------------------------------------------------------------------
================================================================================
python-pytest-freezer-0.4.8-1.el9 (FEDORA-EPEL-2024-7dea30a258)
Pytest plugin providing a fixture interface for freezegun
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 11 2024 Benjamin A. Beasley <[email protected]> - 0.4.8-1
- Initial package (close RHBZ#2325070)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2325070 - Review Request: python-pytest-freezer - Pytest plugin
providing a fixture interface for freezegun
https://bugzilla.redhat.com/show_bug.cgi?id=2325070
--------------------------------------------------------------------------------
================================================================================
rust-ariadne-0.4.1-1.el9 (FEDORA-EPEL-2024-adf4a78da0)
Fancy diagnostics & reporting crate
--------------------------------------------------------------------------------
Update Information:
import rhbz#2314660
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 8 2024 Cristian Le <[email protected]> - 0.4.1-1
- import rhbz#2314660
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2314660 - Review Request: rust-ariadne - Fancy diagnostics &
reporting crate
https://bugzilla.redhat.com/show_bug.cgi?id=2314660
--------------------------------------------------------------------------------
================================================================================
rust-onefetch-2.22.0-4.el9 (FEDORA-EPEL-2024-0a2e792c04)
Command-line Git information tool
--------------------------------------------------------------------------------
Update Information:
Update the rust-image-0.25 patch to match what was merged upstream: fewer image
formats are now supported, but the compiled executable is smaller.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 10 2024 Benjamin A. Beasley <[email protected]> - 2.22.0-4
- Update the rust-image-0.25 patch to match what was merged upstream
- Fewer image formats are now supported.
--------------------------------------------------------------------------------
================================================================================
rust-onefetch-image-2.22.0-2.el9 (FEDORA-EPEL-2024-0a2e792c04)
Display images in the terminal
--------------------------------------------------------------------------------
Update Information:
Update the rust-image-0.25 patch to match what was merged upstream: fewer image
formats are now supported, but the compiled executable is smaller.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 10 2024 Benjamin A. Beasley <[email protected]> - 2.22.0-2
- Update the rust-image-0.25 patch to match what was merged upstream
- Fewer image formats are now supported.
--------------------------------------------------------------------------------
================================================================================
tito-0.6.27-1.el9 (FEDORA-EPEL-2024-d54ce7b426)
A tool for managing rpm based git projects
--------------------------------------------------------------------------------
Update Information:
507 - Defer submodule detection to git to prevent fails caused by empty
.gitmodules file
Many improvements to tests and they now run during package build
460 - Sometimes Tito-built packages have lower NVR than packages from the
official repositories. This can now be prevented by
new config option buildconfig.test_version_suffix. It can be used like this:
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 11 2024 Jakub Kadlčík <[email protected]>
- Defer submodule detection to git
- Many improvements to tests and they now run during package build
- New config option `buildconfig.test_version_suffix`
--------------------------------------------------------------------------------
================================================================================
vlc-3.0.21-9.el9 (FEDORA-EPEL-2024-398707b664)
The cross-platform open-source multimedia framework, player and server
--------------------------------------------------------------------------------
Update Information:
Update dav1d to version 1.5.0 to address previously unaddressed security issues
that are not feasibly addressable by backporting upstream changes.
This contains an ABI change (in dav1d 1.3.0), for which all dependent packages
were rebuilt.
EPEL Updates Policy Exception: https://pagure.io/epel/issue/299
Update chromium to version 130.0.6723.116.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 6 2024 Fabio Valentini <[email protected]> - 1:3.0.21-9
- Rebuild for dav1d 1.5.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2264940 - CVE-2024-1580 dav1d: videolan/dav1d: integer overflow
when decoding videos with large frame size [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2264940
--------------------------------------------------------------------------------
================================================================================
xine-lib-1.2.13-4.el9 (FEDORA-EPEL-2024-398707b664)
A multimedia engine
--------------------------------------------------------------------------------
Update Information:
Update dav1d to version 1.5.0 to address previously unaddressed security issues
that are not feasibly addressable by backporting upstream changes.
This contains an ABI change (in dav1d 1.3.0), for which all dependent packages
were rebuilt.
EPEL Updates Policy Exception: https://pagure.io/epel/issue/299
Update chromium to version 130.0.6723.116.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 6 2024 Fabio Valentini <[email protected]> - 1.2.13-4
- Rebuild for dav1d 1.5.0
* Sat Mar 18 2023 Xavier Bachelot <[email protected]> - 1.2.13-3
- Enable external libdvdnav for EL9
- Restore specfile compatibility with RPM Fusion for EL7/8
- Restore building from snapshot
* Fri Mar 17 2023 Yaakov Selkowitz <[email protected]> - 1.2.13-2
- Rebuilt for libmpcdec 1.3.0
* Sun Mar 12 2023 Neal Gompa <[email protected]> - 1.2.13-1
- Update to 1.2.13
- Enable DTS/DCA and VCD support plugins
* Wed Feb 15 2023 Tom Callaway <[email protected]> - 1.2.12-11
- rebuild for libvpx
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2264940 - CVE-2024-1580 dav1d: videolan/dav1d: integer overflow
when decoding videos with large frame size [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2264940
--------------------------------------------------------------------------------