The following Fedora EPEL 9 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-e177aa0ddf
pam-u2f-1.3.2-1.el9
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-cd95859e4b
vaultwarden-1.32.7-4.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
R-Rcpp-1.0.14-1.el9
apptainer-1.4.0~rc.1-1.el9
lemonldap-ng-2.20.2-1.el9
msktutil-1.2.2-1.el9
phpMyAdmin-5.2.2-1.el9
python-damo-2.6.5-1.el9
python-mrcfile-1.5.4-1.el9
python-xapian-haystack-3.1.0-5.el9
rpminspect-data-fedora-1.15-1.el9
snapd-2.67-0.el9
Details about builds:
================================================================================
R-Rcpp-1.0.14-1.el9 (FEDORA-EPEL-2025-4a3d07816d)
Seamless R and C++ Integration
--------------------------------------------------------------------------------
Update Information:
Rcpp 1.0.14
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 22 2025 Mattias Ellert <[email protected]> - 1.0.14-1
- Update to 1.0.14
* Thu Jan 16 2025 Fedora Release Engineering <[email protected]> -
1.0.13-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
apptainer-1.4.0~rc.1-1.el9 (FEDORA-EPEL-2025-3f936f4d81)
Application and environment virtualization formerly known as Singularity
--------------------------------------------------------------------------------
Update Information:
Update to upstream 1.4.0-rc.1
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 22 2025 Dave Dykstra <[email protected]> - 1.4.0~rc.1
- Update to upstream 1.4.0-rc.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2339320 - apptainer-1.4.0-rc.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2339320
--------------------------------------------------------------------------------
================================================================================
lemonldap-ng-2.20.2-1.el9 (FEDORA-EPEL-2025-dd34d33955)
Web Single Sign On (SSO) and Access Management
--------------------------------------------------------------------------------
Update Information:
[Security][CVE-2024-52948] CSRF on 2FA registration
[Security] Open redirect vulnerability in logout
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 21 2025 Clement Oudot <[email protected]> - 2.20.2-1
- Update to 2.20.2
* Fri Jan 17 2025 Fedora Release Engineering <[email protected]> -
2.20.1-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2339165 - lemonldap-ng-2.20.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2339165
--------------------------------------------------------------------------------
================================================================================
msktutil-1.2.2-1.el9 (FEDORA-EPEL-2025-714416d32b)
Program for interoperability with Active Directory
--------------------------------------------------------------------------------
Update Information:
Improve CI
configure.ac: more robust krb5 autodetection
configure.ac: Replace obsoleted AC_CONFIG_HEADER with AC_CONFIG_HEADERS
configure.ac: fix linking with minimal LIBS
Use getnameinfo(3) instead of inet_ntop(3)
dns_lookup_kdc setting in create_fake_krb5_conf causes issue when using a
trusted domain user to creat
Fix several messages
Style fixes
Revert installation to $PREFIX/bin
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 22 2025 Michael Cronenworth <[email protected]> - 1.2.2-1
- Update to 1.2.2
* Fri Jan 17 2025 Fedora Release Engineering <[email protected]> - 1.2-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Jul 26 2024 Miroslav Suchý <[email protected]> - 1.2-8
- convert license to SPDX
* Thu Jul 18 2024 Fedora Release Engineering <[email protected]> - 1.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> - 1.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> - 1.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <[email protected]> - 1.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-5.2.2-1.el9 (FEDORA-EPEL-2025-70d131bc6c)
A web interface for MySQL and MariaDB
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 5.2.2 is released
Welcome to the release of phpMyAdmin version 5.2.2, the "I should have released
this sooner" release. This is primarily a bugfix release but also contains a few
security fixes as noted below.
fix possible security issue in sql-parser which could cause long execution times
that could create a DOS attack (thanks to Maximilian Krög)
fix an XSS vulnerability in the check tables feature (PMASA-2025-1, thanks to
bluebird)
fix an XSS vulnerability in the Insert tab (PMASA-2025-2, thanks to frequent
contributor Kamil Tekiela)
fix possible security issue with library code slim/psr7 (CVE-2023-30536)
fix possible security issue relating to iconv (CVE-2024-2961, PMASA-2025-3)
fix a full path disclosure in the Monitoring tab
issue #18268 Fix UI issue the theme manager is disabled
issue Allow opening server breadcrumb links in new tab with Ctrl/Meta key
issue #19141 Add cookie prefix '-__Secure-' to cookies to help prevent cookie
smuggling
issue #18106 Fix renaming database with a view
issue #18120 Fix bug with numerical tables during renaming database
issue #16851 Fix ($cfg['Order']) default column order doesn't have have any
effect since phpMyAdmin 4.2.0
issue #18258 Speed improvements when exporting a database
issue #18769 Improved collations support for MariaDB 10.10
There are many, many more fixes that you can see in the ChangeLog file included
with this release or online
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 22 2025 Remi Collet <[email protected]> - 5.2.2-1
- update to 5.2.2 (2025-01-21, security and bugfix release)
--------------------------------------------------------------------------------
================================================================================
python-damo-2.6.5-1.el9 (FEDORA-EPEL-2025-de8dc044a2)
Data Access Monitoring Operator
--------------------------------------------------------------------------------
Update Information:
v2.6.5
damo report access: add '' snapshot format keyword
damo report access: add '' snapshot format keyword
damo report access: Show on snapshot tail by default
Code cleanup
v2.6.4
Allow more human-friendly DAMOS filter format, v2
[none] [...]
e.g., 'damo report access --snapshot_damos_filter allow none anon reject memcg
a/b/c'
Code cleanup
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 21 2025 Packit <[email protected]> - 2.6.5-1
- Update to 2.6.5
- Resolves rhbz#2337566
* Sat Jan 18 2025 Fedora Release Engineering <[email protected]> -
2.6.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2337566 - python-damo-2.6.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2337566
--------------------------------------------------------------------------------
================================================================================
python-mrcfile-1.5.4-1.el9 (FEDORA-EPEL-2025-035cbc4cd7)
MRC2014 file format used in structural biology to store image and volume data
--------------------------------------------------------------------------------
Update Information:
Update to 1.5.4 (fixes rhbz#2339429)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 22 2025 Tim Semeijn <[email protected]> - 1.5.4-1
- Update to 1.5.4 (fixes rhbz#2339429)
* Sat Jan 18 2025 Fedora Release Engineering <[email protected]> -
1.5.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-xapian-haystack-3.1.0-5.el9 (FEDORA-EPEL-2025-b34c2f115b)
A Xapian backend for Haystack
--------------------------------------------------------------------------------
Update Information:
Fix the missing auto generated dependencies
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 1 2025 Michal Konecny <[email protected]> - 3.1.0-5
- Fix the missing auto generated dependencies
--------------------------------------------------------------------------------
================================================================================
rpminspect-data-fedora-1.15-1.el9 (FEDORA-EPEL-2025-ee4c69f247)
Build deviation compliance tool data files
--------------------------------------------------------------------------------
Update Information:
Upgrade to rpminspect-data-fedora-1.15
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 21 2025 David Cantrell <[email protected]> - 1:1.15-1
- Upgrade to rpminspect-data-fedora-1.15
* Tue Jan 21 2025 David Cantrell <[email protected]> - 1:1.14-1
- Upgrade to rpminspect-data-fedora-1.14
* Sat Jan 18 2025 Fedora Release Engineering <[email protected]> -
1:1.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
snapd-2.67-0.el9 (FEDORA-EPEL-2025-470882563a)
A transactional software package manager
--------------------------------------------------------------------------------
Update Information:
The changelog date and author have been modified to maintain linearity.
Drop 0001-data-selinux-remove-timedatex.patch - applied upstream.
New upstream release 2.67
AppArmor prompting (experimental): allow overlapping rules
Registry view (experimental): Changes to registry data (from both
users and snaps) can be validated and saved by custodian snaps
Registry view (experimental): Support 'snapctl get --pristine' to
read the registry data excluding staged transaction changes
Registry view (experimental): Put registry commands behind
experimental feature flag
Components: Make modules shipped/created by kernel-modules
components available right after reboot
Components: Add tab completion for local component files
Components: Allow installing snaps and components from local files
jointly on the CLI
Components: Allow 'snapctl model' command for gadget and kernel
snaps
Components: Add 'snap components' command
Components: Bug fixes
eMMC gadget updates (WIP): add syntax support in gadget.yaml for
eMMC schema
Support for ephemeral recovery mode on hybrid systems
Support for dm-verity options in snap-bootstrap
Support for overlayfs options and allow empty what argument for
tmpfs
Enable ubuntu-image to determine the size of the disk image to
create
Expose 'snap debug' commands 'validate-seed' and 'seeding'
Add debug API option to use dedicated snap socket /run/snapd-
snap.socket
Hide experimental features that are no longer required
(accepted/rejected)
Mount ubuntu-save partition with no{exec,dev,suid} at install, run
and factory-reset
Improve memory controller support with cgroup v2
Support ssh socket activation configurations (used by ubuntu
22.10+)
Fix generation of AppArmor profile with incorrect revision during
multi snap refresh
Fix refresh app awareness related deadlock edge case
Fix not caching delta updated snap download
Fix passing non root uid, guid to initial tmpfs mount
Fix ignoring snaps in try mode when amending
Fix reloading of service activation units to avoid systemd errors
Fix snapd snap FIPS build on Launchpad to use Advantage Pro FIPS
updates PPA
Make killing of snap apps best effort to avoid possibility of
malicious failure loop
Alleviate impact of auto-refresh failure loop with progressive
delay
Dropped timedatex in selinux-policy to avoid runtime issue
Fix missing syscalls in seccomp profile
Modify AppArmor template to allow using SNAP_REEXEC on arch
systems
Modify AppArmor template to allow using vim.tiny (available in
base snaps)
Modify AppArmor template to add read-access to debian_version
Modify AppArmor template to allow owner to read
@{PROC}/@{pid}/sessionid
{common,personal,system}-files interface: prohibit trailing @ in
filepaths
{desktop,shutdown,system-observe,upower-observe} interface:
improve for Ubuntu Core Desktop
custom-device interface: allow @ in custom-device filepaths
desktop interface: improve launch entry and systray integration
with session
desktop-legacy interface: allow DBus access to
com.canonical.dbusmenu
fwupd interface: allow access to nvmem for thunderbolt plugin
mpris interface: add plasmashell as label
mount-control interface: add support for nfs mounts
network-{control,manager} interface: add missing dbus link rules
network-manager-observe interface: add getDevices methods
opengl interface: add Kernel Fusion Driver access to opengl
screen-inhibit-control interface: improve screen inhibit control
for use on core
udisks2 interface: allow ping of the UDisks2 service
u2f-devices interface: add Nitrokey Passkey
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 22 2025 Zygmunt Krynicki <[email protected]>
- The changelog date and author have been modified to maintain linearity.
- Drop 0001-data-selinux-remove-timedatex.patch - applied upstream.
- New upstream release 2.67
- AppArmor prompting (experimental): allow overlapping rules
- Registry view (experimental): Changes to registry data (from both
users and snaps) can be validated and saved by custodian snaps
- Registry view (experimental): Support 'snapctl get --pristine' to
read the registry data excluding staged transaction changes
- Registry view (experimental): Put registry commands behind
experimental feature flag
- Components: Make modules shipped/created by kernel-modules
components available right after reboot
- Components: Add tab completion for local component files
- Components: Allow installing snaps and components from local files
jointly on the CLI
- Components: Allow 'snapctl model' command for gadget and kernel
snaps
- Components: Add 'snap components' command
- Components: Bug fixes
- eMMC gadget updates (WIP): add syntax support in gadget.yaml for
eMMC schema
- Support for ephemeral recovery mode on hybrid systems
- Support for dm-verity options in snap-bootstrap
- Support for overlayfs options and allow empty what argument for
tmpfs
- Enable ubuntu-image to determine the size of the disk image to
create
- Expose 'snap debug' commands 'validate-seed' and 'seeding'
- Add debug API option to use dedicated snap socket /run/snapd-
snap.socket
- Hide experimental features that are no longer required
(accepted/rejected)
- Mount ubuntu-save partition with no{exec,dev,suid} at install, run
and factory-reset
- Improve memory controller support with cgroup v2
- Support ssh socket activation configurations (used by ubuntu
22.10+)
- Fix generation of AppArmor profile with incorrect revision during
multi snap refresh
- Fix refresh app awareness related deadlock edge case
- Fix not caching delta updated snap download
- Fix passing non root uid, guid to initial tmpfs mount
- Fix ignoring snaps in try mode when amending
- Fix reloading of service activation units to avoid systemd errors
- Fix snapd snap FIPS build on Launchpad to use Advantage Pro FIPS
updates PPA
- Make killing of snap apps best effort to avoid possibility of
malicious failure loop
- Alleviate impact of auto-refresh failure loop with progressive
delay
- Dropped timedatex in selinux-policy to avoid runtime issue
- Fix missing syscalls in seccomp profile
- Modify AppArmor template to allow using SNAP_REEXEC on arch
systems
- Modify AppArmor template to allow using vim.tiny (available in
base snaps)
- Modify AppArmor template to add read-access to debian_version
- Modify AppArmor template to allow owner to read
@{PROC}/@{pid}/sessionid
- {common,personal,system}-files interface: prohibit trailing @ in
filepaths
- {desktop,shutdown,system-observe,upower-observe} interface:
improve for Ubuntu Core Desktop
- custom-device interface: allow @ in custom-device filepaths
- desktop interface: improve launch entry and systray integration
with session
- desktop-legacy interface: allow DBus access to
com.canonical.dbusmenu
- fwupd interface: allow access to nvmem for thunderbolt plugin
- mpris interface: add plasmashell as label
- mount-control interface: add support for nfs mounts
- network-{control,manager} interface: add missing dbus link rules
- network-manager-observe interface: add getDevices methods
- opengl interface: add Kernel Fusion Driver access to opengl
- screen-inhibit-control interface: improve screen inhibit control
for use on core
- udisks2 interface: allow ping of the UDisks2 service
- u2f-devices interface: add Nitrokey Passkey
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
2.66.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Tue Dec 3 2024 Orion Poplawski <[email protected]>
- Drop RestartMode from snapd.service on EL8 (rhbz#2315759)
* Fri Nov 29 2024 Zygmunt Krynicki <[email protected]>
- Re-cherry pick fix for SELinux timedatex problem from upstream
as it was not released in 2.66.1, sorry.
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
