The following Fedora EPEL 9 Security updates need testing:
Age URL
19 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-c5986b2cf1
iaito-5.9.6-1.el9 radare2-5.9.6-1.el9
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-23b122f235
trafficserver-9.2.6-2.el9
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-97fdc539e2
cobbler-3.3.7-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
cobbler3.2-3.2.3-2.el9
copr-rpmbuild-1.1-1.el9
kobo-0.38.0-1.el9
onedrive-2.5.3-1.el9
perl-Devel-CheckBin-0.04-23.el9
perl-File-DirList-0.05-12.el9
proftpd-1.3.8b-4.el9
python-aiohttp-3.9.5-2.el9
python-typer-0.10.0-4.el9
rust-avif-parse-1.3.2-1.el9
rust-axum-0.7.8-1.el9
rust-clap-4.5.21-1.el9
rust-clap_builder-4.5.21-1.el9
rust-clap_complete-4.5.38-1.el9
rust-clap_lex-0.7.3-1.el9
rust-fallible_collections-0.5.1-1.el9
rust-image-0.25.5-1.el9
rust-image-webp-0.2.0-1.el9
rust-insta-1.41.1-1.el9
Details about builds:
================================================================================
cobbler3.2-3.2.3-2.el9 (FEDORA-EPEL-2024-1fa5fbde17)
Boot server configurator
--------------------------------------------------------------------------------
Update Information:
Update to 3.2.3 - CVE-2024-47533
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 19 2024 Orion Poplawski <[email protected]> - 3.2.3-2
- Add patch to fix internal version to 3.2.3
* Sun Nov 17 2024 Orion Poplawski <[email protected]> - 3.2.3-1
- Update to 3.2.3 (CVE-2024-47533)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2327079 - CVE-2024-47533 cobbler3.2: Cobbler allows anyone to
connect to cobbler XML-RPC server with a known password and make changes
[epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2327079
--------------------------------------------------------------------------------
================================================================================
copr-rpmbuild-1.1-1.el9 (FEDORA-EPEL-2024-0799def9bf)
Run COPR build tasks
--------------------------------------------------------------------------------
Update Information:
Make_srpmbuild, set recursive safe.directory
Activate Red Hat subscription on demand
Drop six usage (this is a Python 3 only package)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 22 2024 Jakub Kadlcik <[email protected]> 1.1-1
- Make_srpmbuild, set recursive safe.directory
- Activate Red Hat subscription on demand
- Drop six usage (this is a Python 3 only package)
- Add tooling for "safer" RH subscription
--------------------------------------------------------------------------------
================================================================================
kobo-0.38.0-1.el9 (FEDORA-EPEL-2024-753c0d02ae)
Python modules for tools development
--------------------------------------------------------------------------------
Update Information:
rebase to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 19 2024 Kamil Dudka <[email protected]> - 0.38.0-1
- rebase to latest upstream release (rhbz#2327211)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2327211 - kobo-0.38.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2327211
--------------------------------------------------------------------------------
================================================================================
onedrive-2.5.3-1.el9 (FEDORA-EPEL-2024-28f13b2505)
OneDrive Free Client written in D
--------------------------------------------------------------------------------
Update Information:
Update to 2.5.3 (#2326647)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 15 2024 Fedora Release Monitoring
<[email protected]> - 2.5.3-1
- Update to 2.5.3 (#2326647)
--------------------------------------------------------------------------------
================================================================================
perl-Devel-CheckBin-0.04-23.el9 (FEDORA-EPEL-2024-1cbfb0d21e)
Check that a command is available
--------------------------------------------------------------------------------
Update Information:
This is teh first EPEL-9 build of perl-Devel-CheckBin.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 28 2023 Paul Howarth <[email protected]> - 0.04-23
- Use SPDX-format license tag
- Use author-independent source URL
- Simplify find command using -delete
- Fix permissions verbosely
* Fri Jan 20 2023 Fedora Release Engineering <[email protected]> -
0.04-22
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering <[email protected]> -
0.04-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon May 30 2022 Jitka Plesnikova <[email protected]> - 0.04-20
- Perl 5.36 rebuild
* Fri Jan 21 2022 Fedora Release Engineering <[email protected]> -
0.04-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <[email protected]> -
0.04-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Fri May 21 2021 Jitka Plesnikova <[email protected]> - 0.04-17
- Perl 5.34 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2327507 - Please branch and build perl-Devel-CheckBin for EPEL 9
https://bugzilla.redhat.com/show_bug.cgi?id=2327507
--------------------------------------------------------------------------------
================================================================================
perl-File-DirList-0.05-12.el9 (FEDORA-EPEL-2024-0f57f37d78)
Provide a sorted list of directory content
--------------------------------------------------------------------------------
Update Information:
Initial epel9 package
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.05-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> -
0.05-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> -
0.05-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <[email protected]> - 0.05-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri Jan 20 2023 Fedora Release Engineering <[email protected]> - 0.05-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering <[email protected]> - 0.05-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2327508 - Please branch and build perl-File-DirList for EPEL 9
https://bugzilla.redhat.com/show_bug.cgi?id=2327508
--------------------------------------------------------------------------------
================================================================================
proftpd-1.3.8b-4.el9 (FEDORA-EPEL-2024-d04e7d3f0d)
Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:
This update fixes an issue with message authentication in mod_radius.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 19 2024 Paul Howarth <[email protected]> - 1.3.8b-4
- Fix RADIUS Message-Authenticator verification in mod_radius
- https://github.com/proftpd/proftpd/issues/1840
- https://bugzilla.redhat.com/show_bug.cgi?id=2325448
--------------------------------------------------------------------------------
================================================================================
python-aiohttp-3.9.5-2.el9 (FEDORA-EPEL-2024-7ac44bd3cc)
Python HTTP client/server for asyncio
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2024-52304
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 19 2024 Benjamin A. Beasley <[email protected]> - 3.9.5-2
- Security fix for CVE-2024-52304 (fixes RHBZ#2327152)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2327152 - CVE-2024-52304 python-aiohttp: aiohttp vulnerable to
request smuggling due to incorrect parsing of chunk extensions [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2327152
--------------------------------------------------------------------------------
================================================================================
python-typer-0.10.0-4.el9 (FEDORA-EPEL-2024-99720de217)
Build great CLIs; easy to code; based on Python type hints
--------------------------------------------------------------------------------
Update Information:
Build without python3-coverage
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 19 2024 Benjamin A. Beasley <[email protected]> - 0.10.0-4
- Stub out "coverage run" well enough to drop the coverage dep.
* Tue Nov 19 2024 Benjamin A. Beasley <[email protected]> - 0.10.0-2
- Remove an Obsoletes that has served its upgrade-path purpose
--------------------------------------------------------------------------------
================================================================================
rust-avif-parse-1.3.2-1.el9 (FEDORA-EPEL-2024-117301db0a)
Parser for AVIF image files
--------------------------------------------------------------------------------
Update Information:
Update the avif-parse crate to version 1.3.2.
Update the clap and clap_builder crates to version 4.5.21.
Update the clap_complete crate to version 4.5.38.
Update the clap_lex crate to version 0.7.3.
Update the fallible_collections crate to version 0.5.1.
Update the image crate to version 0.25.5.
Update the image-webp crate to version 0.2.0.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 16 2024 Benjamin A. Beasley <[email protected]> - 1.3.2-1
- Update to version 1.3.2; Fixes RHBZ#2324374
--------------------------------------------------------------------------------
================================================================================
rust-axum-0.7.8-1.el9 (FEDORA-EPEL-2024-0030f8332b)
Web framework that focuses on ergonomics and modularity
--------------------------------------------------------------------------------
Update Information:
Update to version 0.7.8.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 16 2024 Benjamin A. Beasley <[email protected]> - 0.7.8-1
- Update to version 0.7.8; Fixes RHBZ#2326580
--------------------------------------------------------------------------------
================================================================================
rust-clap-4.5.21-1.el9 (FEDORA-EPEL-2024-117301db0a)
Simple to use, efficient, and full-featured Command Line Argument Parser
--------------------------------------------------------------------------------
Update Information:
Update the avif-parse crate to version 1.3.2.
Update the clap and clap_builder crates to version 4.5.21.
Update the clap_complete crate to version 4.5.38.
Update the clap_lex crate to version 0.7.3.
Update the fallible_collections crate to version 0.5.1.
Update the image crate to version 0.25.5.
Update the image-webp crate to version 0.2.0.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 16 2024 Benjamin A. Beasley <[email protected]> - 4.5.21-1
- Update to version 4.5.21; Fixes RHBZ#2326005
--------------------------------------------------------------------------------
================================================================================
rust-clap_builder-4.5.21-1.el9 (FEDORA-EPEL-2024-117301db0a)
Simple to use, efficient, and full-featured Command Line Argument Parser
--------------------------------------------------------------------------------
Update Information:
Update the avif-parse crate to version 1.3.2.
Update the clap and clap_builder crates to version 4.5.21.
Update the clap_complete crate to version 4.5.38.
Update the clap_lex crate to version 0.7.3.
Update the fallible_collections crate to version 0.5.1.
Update the image crate to version 0.25.5.
Update the image-webp crate to version 0.2.0.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 16 2024 Benjamin A. Beasley <[email protected]> - 4.5.21-1
- Update to version 4.5.21; Fixes RHBZ#2326002
--------------------------------------------------------------------------------
================================================================================
rust-clap_complete-4.5.38-1.el9 (FEDORA-EPEL-2024-117301db0a)
Generate shell completion scripts for your clap::Command
--------------------------------------------------------------------------------
Update Information:
Update the avif-parse crate to version 1.3.2.
Update the clap and clap_builder crates to version 4.5.21.
Update the clap_complete crate to version 4.5.38.
Update the clap_lex crate to version 0.7.3.
Update the fallible_collections crate to version 0.5.1.
Update the image crate to version 0.25.5.
Update the image-webp crate to version 0.2.0.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 16 2024 Benjamin A. Beasley <[email protected]> - 4.5.38-1
- Update to version 4.5.38; Fixes RHBZ#2326003
--------------------------------------------------------------------------------
================================================================================
rust-clap_lex-0.7.3-1.el9 (FEDORA-EPEL-2024-117301db0a)
Minimal, flexible command line parser
--------------------------------------------------------------------------------
Update Information:
Update the avif-parse crate to version 1.3.2.
Update the clap and clap_builder crates to version 4.5.21.
Update the clap_complete crate to version 4.5.38.
Update the clap_lex crate to version 0.7.3.
Update the fallible_collections crate to version 0.5.1.
Update the image crate to version 0.25.5.
Update the image-webp crate to version 0.2.0.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 16 2024 Benjamin A. Beasley <[email protected]> - 0.7.3-1
- Update to version 0.7.3; Fixes RHBZ#2326004
--------------------------------------------------------------------------------
================================================================================
rust-fallible_collections-0.5.1-1.el9 (FEDORA-EPEL-2024-117301db0a)
Which adds fallible allocation api to std collections
--------------------------------------------------------------------------------
Update Information:
Update the avif-parse crate to version 1.3.2.
Update the clap and clap_builder crates to version 4.5.21.
Update the clap_complete crate to version 4.5.38.
Update the clap_lex crate to version 0.7.3.
Update the fallible_collections crate to version 0.5.1.
Update the image crate to version 0.25.5.
Update the image-webp crate to version 0.2.0.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 16 2024 Benjamin A. Beasley <[email protected]> - 0.5.1-1
- Update to version 0.5.1; Fixes RHBZ#2324311
--------------------------------------------------------------------------------
================================================================================
rust-image-0.25.5-1.el9 (FEDORA-EPEL-2024-117301db0a)
Imaging library
--------------------------------------------------------------------------------
Update Information:
Update the avif-parse crate to version 1.3.2.
Update the clap and clap_builder crates to version 4.5.21.
Update the clap_complete crate to version 4.5.38.
Update the clap_lex crate to version 0.7.3.
Update the fallible_collections crate to version 0.5.1.
Update the image crate to version 0.25.5.
Update the image-webp crate to version 0.2.0.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 16 2024 Benjamin A. Beasley <[email protected]> - 0.25.5-1
- Update to version 0.25.5; Fixes RHBZ#2319239
--------------------------------------------------------------------------------
================================================================================
rust-image-webp-0.2.0-1.el9 (FEDORA-EPEL-2024-117301db0a)
WebP encoding and decoding in pure Rust
--------------------------------------------------------------------------------
Update Information:
Update the avif-parse crate to version 1.3.2.
Update the clap and clap_builder crates to version 4.5.21.
Update the clap_complete crate to version 4.5.38.
Update the clap_lex crate to version 0.7.3.
Update the fallible_collections crate to version 0.5.1.
Update the image crate to version 0.25.5.
Update the image-webp crate to version 0.2.0.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 16 2024 Benjamin A. Beasley <[email protected]> - 0.2.0-1
- Update to version 0.2.0; Fixes RHBZ#2316873
--------------------------------------------------------------------------------
================================================================================
rust-insta-1.41.1-1.el9 (FEDORA-EPEL-2024-4f86779751)
Snapshot testing library for Rust
--------------------------------------------------------------------------------
Update Information:
Update rust-insta to version 1.41.1.
1.41.1
Re-release of 1.41.1 to generate release artifacts correctly.
1.41.0
Experimental support for binary snapshots.
--force-update-snapshots now causes cargo-insta to write every snapshot,
regardless of whether
snapshots fully match, and now implies --accept. This
allows for --force-update-snapshots to update inline snapshots'
delimiters and indentation.
For the previous behavior of --force-update-snapshots, which limited writes to
snapshots which didn't fully match, use --require-full-match.
The main difference between --require-full-match and the existing behavior of
--force-update-snapshots
is a non-zero exit code on any snapshots which don't fully match.
Like the previous behavior of --force-update-snapshots, --require-full-match
doesn't track inline snapshots' delimiters or
indentation, so can't update if those don't match.
Inline snapshots only use # characters as delimiters when required.
Warnings for undiscovered snapshots are more robust, and include files with
custom snapshot extensions.
Insta runs correctly on packages which reference rust files in a parent path.
Warnings are printed when any snapshot uses a legacy format.
cargo insta --version now prints a version.
insta now internally uses INSTA_UPDATE=force rather than
INSTA_FORCE_UPDATE=1. (This doesn't affect users of cargo-insta, which
handles this internally.)
cargo-insta's integration tests continue to grow over the past couple of
versions,
and now offer coverage of most of cargo-insta's interface.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 17 2024 Benjamin A. Beasley <[email protected]> - 1.41.1-1
- Update to version 1.41.1; Fixes RHBZ#2322050
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2322050 - rust-insta-1.41.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2322050
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
