The following Fedora EPEL 8 Security updates need testing:
Age URL
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-a3c235642b
trafficserver-9.2.9-1.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
AMF-1.4.36.0-1.el8
gcc-epel-8.5.0-25.el8
mold-2.37.1-1.el8
ncdu-1.22-1.el8
radare2-5.9.8-7.el8
unrealircd-6.1.10-1.el8
Details about builds:
================================================================================
AMF-1.4.36.0-1.el8 (FEDORA-EPEL-2025-7d6862c6bc)
Advanced Media Framework (AMF) SDK
--------------------------------------------------------------------------------
Update Information:
Update to 1.4.36.0.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 8 2025 Simone Caronni <[email protected]> - 1.4.36.0-1
- Update to 1.4.36.0
--------------------------------------------------------------------------------
================================================================================
gcc-epel-8.5.0-25.el8 (FEDORA-EPEL-2025-72bde1bf7d)
Various compilers (C, C++, Objective-C, ...)
--------------------------------------------------------------------------------
Update Information:
backport from 8.5.0-23: rebuild for CVE-2020-11023 (RHEL-78274)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 8 2025 Robert Scheck <[email protected]> 8.5.0-25
- disable bootstrap mode and rebuild using gcc-epel-8.5.0-24.el8
* Sat Mar 8 2025 Robert Scheck <[email protected]> 8.5.0-24
- backport from 8.5.0-23: rebuild for CVE-2020-11023 (RHEL-78274)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2350609 - GCC-GNAT 8.5.0-23 is obselete
https://bugzilla.redhat.com/show_bug.cgi?id=2350609
--------------------------------------------------------------------------------
================================================================================
mold-2.37.1-1.el8 (FEDORA-EPEL-2025-5da9635216)
A Modern Linker
--------------------------------------------------------------------------------
Update Information:
Update to 2.37.1 (#2350273)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 7 2025 Christoph Erhardt <[email protected]> - 2.37.1-1
- Update to 2.37.1 (#2350273)
* Sun Feb 2 2025 Christoph Erhardt <[email protected]> - 2.36.0-4
- Fix static PIE on aarch64 (rhbz#2340876)
* Fri Jan 24 2025 Christoph Erhardt <[email protected]> - 2.36.0-3
- Skip broken unit tests on s390x (rhbz#2340876)
* Fri Jan 17 2025 Fedora Release Engineering <[email protected]> -
2.36.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2350273 - mold-2.37.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2350273
--------------------------------------------------------------------------------
================================================================================
ncdu-1.22-1.el8 (FEDORA-EPEL-2025-896926680e)
Text-based disk usage viewer
--------------------------------------------------------------------------------
Update Information:
Update to 1.22 (released 2025-03-05). Changes in this version:
Add support for @-prefixed lines to ignore errors in config file (from 2.8)
List all supported options in --help (from 2.8)
Use kB instead of KB in --si mode (from 2.8)
Add --graph-style option (from 2.1)
Fix supported range of uid/gid numbers
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 8 2025 Richard Fearn <[email protected]> - 1.22-1
- Update to 1.22 (#2350431)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2350431 - ncdu-1.22 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2350431
--------------------------------------------------------------------------------
================================================================================
radare2-5.9.8-7.el8 (FEDORA-EPEL-2025-b5b47ab7b3)
The reverse engineering framework
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2025-1744 and CVE-2025-1864
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 7 2025 Michal Ambroz <[email protected]> - 5.9.8-7
- RPMAUTOSPEC: unresolvable merge
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2348979 - CVE-2025-1744 radare2: Out-of-bounds Write in radare2
[fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2348979
[ 2 ] Bug #2349509 - CVE-2025-1864 radare2: Buffer Overflow and Potential
Code Execution in Radare2 [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2349509
--------------------------------------------------------------------------------
================================================================================
unrealircd-6.1.10-1.el8 (FEDORA-EPEL-2025-d03553e984)
Open Source IRC server
--------------------------------------------------------------------------------
Update Information:
UnrealIRCd 6.1.10
This is mostly a maintenance release with a few small new features.
Enhancements
In the spamfilter { } block two new options:
input-conversion: This can be set to none to make the spamfilter run against the
original text. This in contrast to how default spamfilter behaves where the text
is matched against text that has color and control codes removed. Can be useful
if you need to match against such a special character.
show-message-content-on-hit: this works like set::show-message-content-on-hit,
but on an individual spamfilter basis.
If unrealircd.conf doesn't exist then upstream now offers to copy the example
configuration (showing a list of languages to pick from).
Changes
Update the example configuration:
Mark specific sections with "CHANGE THIS" for people who are in a hurry and
really only want to do the bare minimum to get the IRCd booted.
More things are commented out by default, like example link blocks and ulines.
In addition to the the default ircd.log text file log block, also add a JSON log
block. JSON logging includes a lot of information about every event so is great
for auditing purposes and machine readable.
Error on some more duplicate config items, e.g. allow::password.
In target-flood log messages upstream now shows the message type (e.g. PRIVMSG).
Fixes
Fix compile problems on (upcoming) GCC 15 as it assumes C23 by default. This for
future Fedora 42 and possibly Ubuntu 25.04, both scheduled around April 2025.
Fix crash on SPAMREPORT <ip> (IRCOp-only command) if the central-blocklist
module is loaded.
Fix make_channel() not checking minimal validity of channel names. Only an issue
for (bad) trusted remote server traffic.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 8 2025 Robert Scheck <[email protected]> 6.1.10-1
- Upgrade to 6.1.10 (#2345958)
* Sat Feb 1 2025 Björn Esser <[email protected]> - 6.1.9.1-3
- Add explicit BR: libxcrypt-devel
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
6.1.9.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2345958 - unrealircd-6.1.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2345958
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
