[EPEL-devel] Fedora EPEL 10.0 updates-testing report

[updates]

The following Fedora EPEL 10.0 Security updates need testing:
 Age  URL
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-4beca7920f   
sfnt2woff-zopfli-1.3.1-15.el10_0
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-0214963772   
woff-0.20091126-47.el10_0


The following builds have been pushed to Fedora EPEL 10.0 updates-testing

    bird-3.1.1-1.el10_0
    cube-4.9-1.el10_0
    python-watchfiles-1.0.4-5.el10_0
    rust-boxcar-0.2.12-1.el10_0

Details about builds:


================================================================================
 bird-3.1.1-1.el10_0 (FEDORA-EPEL-2025-bb96f12e51)
 BIRD Internet Routing Daemon
--------------------------------------------------------------------------------
Update Information:

Migrating from BIRD 2 to BIRD 3
Pretty much any BIRD 2.x configuration should be reusable with BIRD 3.1.x
without changes
Configuration changes, similar as those required between minor releases in the
past, may still be required
See also: https://gitlab.nic.cz/labs/bird/-/blob/stable-v3.1/doc/migration-
bird3.md
Please pay attention to possible warnings or errors; it might look like this:
[0001] <WARN> /etc/bird.conf:179:1: Missing authentication option, assuming MD5
You also can run e.g. bird -c /etc/bird.conf -p manually. Here it's a warning,
and while a configuration change might not be mandatory, it's still recommented:
For the above example warning, the configuration file /etc/bird.conf looks like
this:
protocol bgp isp1 from bgp6 {
  neighbor 2001:db8::179 port 179 as 64496;
  authentication md5;  # New configuration option introduced with BIRD 3
  password "MD5_auth3nt!catiOn";
}
To avoid the warning, the newly introduced configuration option authentication
md5; needs to be added as demonstrated in the example configuration above.
BIRD 3.1.1 (2025-05-13)
Makefile: Fix accidentally added dry-run markers
BGP: Fix route refresh behavior
BGP: Fix reconfiguration of import behavior modifiers
BGP: Fix crash on too long export
Conf: Fix invalid check in text_or_ipa grammar
Netlink: Fix FreeBSD build error
Fix use-after-free in thread group reconfiguration
Fix CentOS 7 and NetBSD build
Fix several crashes in table export (already fixed in 3.0.2)
Fix crash on graceful restart of a channel with ROA subscription
Lots of internal tooling and CI updates
BIRD 3.1.0 (2025-04-01)
CLI v2 compatibility layer for show route
Thread configuration rework
Merged 2.17
BIRD 3.0.2 (2025-04-01)
Multiple route propagation crash fixes
BGP export table route source leak
Kernel export of source.specific routes fix
Filter gw setting fix
Merged 2.16.2
BIRD 3.0.1 (2025-01-10)
BGP: Fixed crash in dynamic spawn
BGP: Fixed crash in graceful recovery
BGP: Fixed crash with deterministic med
BGP: Renamed the otc attribute to bgp_otc
BFD: Fixed crash in session reconfiguration
Kernel: Fixed crash with merged paths
Kernel: Simplified initial scan
Tables: Fixed old best route propagation
Tables: Fixed debug configuration propagation
Tables: Fixed initial feeds
CLI: Fixed buffer allocation heap bloating
Reduced route attribute normalization heap bloating
Merged 2.16.1
BIRD 3.0.0 (2024-12-17)
from 2.16
Multithreaded execution
Decoupled exports from imports
Unified route attribute names
Slightly different log format
Separate reload command for filters and protocols
BGP: Export tables show the state as on wire
Lots of internal changes
from 3.0alpha3
Merged changes from 2.16
BMP and MRT converted to the new API and working
Internal protocol state journal
Optimized table journal cleanup
Fixed show route export
Fixed minor bugs
BIRD 3.0alpha3 (2024-07-01)
Merged 2.15.1
Fixed major issues with channel reloads
Fixed data inconsistencies in many corner cases
Fixed internal scheduler corner cases
MRT and BMP still switched off
Expected one more alpha before stable
BIRD 3.0alpha2 (2023-05-11)
Fixed memory leaks and use-after free bugs
Simple thread work balancing
MRT switched off
Slow kernel route synchronization to be fixed later
BIRD 3.0alpha1 (2023-04-18)
Worker threads for BGP, Pipe, RPKI and BFD
Configurable number of threads
Asynchronous route export
Flat attribute structure
Inline import tables
Export tables merged with BGP prefix / attribute buckets
Fixed ROA check locking inversion in route table dumps
MRT switched off
BIRD 3.0-alpha0 (2022-02-07)
Removal of fixed protocol-specific route attributes
Asynchronous route export
Explicit table import / export hooks
Partially lockless route attribute cache
Thread-safe resource management
Thread-safe interface notifications
Thread-safe protocol API
Adoption of BFD IO loop for general use
Parallel Pipe protocol
Parallel RPKI protocol
Parallel BGP protocol
Lots of refactoring
Bugfixes and improvements as they came along
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 13 2025 Robert Scheck <rob...@fedoraproject.org> - 3.1.1-1
- Upgrade to 3.1.1 (#2332837)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2332837 - bird-3.1.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2332837
--------------------------------------------------------------------------------


================================================================================
 cube-4.9-1.el10_0 (FEDORA-EPEL-2025-0e70e43e21)
 CUBE Uniform Behavioral Encoding generic presentation component
--------------------------------------------------------------------------------
Update Information:

New package.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 24 2025 Dave Love <lovesh...@fedoraproject.org> - 4.9-1
- Update to v4.9
- Remove el7 support
* Thu Apr 24 2025 Jan Andre Reuter <j.reu...@fz-juelich.de> - 4.8.2-6
- Fix bash-completion (rhbz#2315798)
* Thu Jan 16 2025 Fedora Release Engineering <rel...@fedoraproject.org> - 
4.8.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Jul 17 2024 Fedora Release Engineering <rel...@fedoraproject.org> - 
4.8.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed Jan 24 2024 Fedora Release Engineering <rel...@fedoraproject.org> - 
4.8.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <rel...@fedoraproject.org> - 
4.8.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Sep 18 2023 Dave Love <lovesh...@fedoraproject.org> - 4.8.2-1
- Update to v4.8.2
- Drop patch
* Wed Jul 19 2023 Fedora Release Engineering <rel...@fedoraproject.org> - 
4.8.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 python-watchfiles-1.0.4-5.el10_0 (FEDORA-EPEL-2025-1a4bc4b670)
 Simple, modern and high performance file watching and code reload in python
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2025-4574 (fix RHBZ#2366569)
The package was rebuilt with rust-crossbeam-channel 0.5.15.
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 15 2025 Benjamin A. Beasley <c...@musicinmybrain.net> - 1.0.4-5
- Security fix for CVE-2025-4574 (fix RHBZ#2366569)
- The package was rebuilt with rust-crossbeam-channel 0.5.15.
* Thu May 15 2025 Benjamin A. Beasley <c...@musicinmybrain.net> - 1.0.4-4
- Assert that .dist-info contains license files
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2366569 - CVE-2025-4574 python-watchfiles: crossbeam-channel 
Vulnerable to Double Free on Drop [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2366569
--------------------------------------------------------------------------------


================================================================================
 rust-boxcar-0.2.12-1.el10_0 (FEDORA-EPEL-2025-905d9e0754)
 Concurrent, append-only vector
--------------------------------------------------------------------------------
Update Information:

Update to version 0.2.12; the loom dependency was made optional.
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 15 2025 Benjamin A. Beasley <c...@musicinmybrain.net> - 0.2.12-1
- Update to version 0.2.12; Fixes RHBZ#2366484
* Thu May 15 2025 Benjamin A. Beasley <c...@musicinmybrain.net> - 0.2.11-3
- Patch out criterion in the metadata patch rather than using tomcli
* Mon May 12 2025 Benjamin A. Beasley <c...@musicinmybrain.net> - 0.2.11-2
- Remove no-longer-necessary .rpmlintrc file
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2366484 - rust-boxcar-0.2.12 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2366484
--------------------------------------------------------------------------------


-- 
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue