The following Fedora EPEL 9 Security updates need testing:
Age  URL
  6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-5c25fd8e2d  roundcubemail-1.5.10-1.el9
  6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-1994b4dec7  seamonkey-2.53.21-1.el9
  5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-f9b95079ea  yarnpkg-1.22.22-8.el9
  2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-66a01bfb0d  valkey-8.0.3-3.el9
  1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-ead5908650  python-django4.2-4.2.22-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
distcc-3.4-9.el9
kea-2.6.3-1.el9
mold-2.40.1-1.el9
parsertl17-1.2.0-1.el9
pythoncapi-compat-0^20250609gitffae0ff-1.el9
salt3006-3006.11-1.el9
Details about builds:
================================================================================
distcc-3.4-9.el9 (FEDORA-EPEL-2025-028275d127)
Distributed C/C++ compilation
--------------------------------------------------------------------------------
Update Information:
Initial EL-9 build
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 2 2025 Python Maint <[email protected]> - 3.4-9
- Rebuilt for Python 3.14
* Thu Jan 16 2025 Fedora Release Engineering <[email protected]> - 3.4-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Mon Oct 21 2024 Gwyn Ciesla <[email protected]> - 3.4-7
- Patch for Py_ssize_t
* Wed Jul 17 2024 Fedora Release Engineering <[email protected]> - 3.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jun 7 2024 Python Maint <[email protected]> - 3.4-5
- Rebuilt for Python 3.13
* Tue Feb 13 2024 Gwyn Ciesla <[email protected]> - 3.4-4
- Disable LTO to fix distccmon-gnome crash, 2263992.
* Wed Jan 24 2024 Fedora Release Engineering <[email protected]> - 3.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <[email protected]> - 3.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 5 2024 Gwyn Ciesla <[email protected]> - 3.4-1
- 3.4
* Wed Jul 19 2023 Fedora Release Engineering <[email protected]> - 3.3.5-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 13 2023 Python Maint <[email protected]> - 3.3.5-14
- Rebuilt for Python 3.12
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2370615 - Please branch and build distcc and distcc-server in epel9
https://bugzilla.redhat.com/show_bug.cgi?id=2370615
--------------------------------------------------------------------------------
================================================================================
kea-2.6.3-1.el9 (FEDORA-EPEL-2025-a36cdc1182)
DHCPv4, DHCPv6 and DDNS server from ISC
--------------------------------------------------------------------------------
Update Information:
New version 2.6.3 (rhbz#2368989)
Fix for: CVE-2025-32801, CVE-2025-32802, CVE-2025-32803
kea.conf: Remove /tmp/ from socket-name for existing configurations
kea.conf: Set pseudo-random password for default config to secure fresh install
and allow CA startup without user intervention
kea.conf: Restrict directory permissions
Sync service files with upstream
Fix leases ownership when switching from root to kea user (rhbz#2324168)
Release Notes:
The new default configuration file, kea-ctrl-agent.conf, introduces an
authentication setting, "password-file", which restricts access to the REST API.
On Fedora, the kea-api-password file is automatically populated with a
pseudo-random password to secure new installations.
For system upgrades, it is strongly recommended to update any custom
configurations to restrict access to the REST API.
For more details, including information on CVE fixes and incompatible changes,
refer to the upstream release notes:
https://downloads.isc.org/isc/kea/2.6.3/Kea-2.6.3-ReleaseNotes.txt
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 9 2025 Martin Osvald <[email protected]> - 2.6.3-1
- New version 2.6.3 (rhbz#2368989)
- Fix for: CVE-2025-32801, CVE-2025-32802, CVE-2025-32803
- kea.conf: Remove /tmp/ from socket-name for existing configurations
- kea.conf: Set pseudo-random password for default config to secure fresh
install and allow CA startup without user intervention
- kea.conf: Restrict directory permissions
- Sync service files with upstream
- Fix leases ownership when switching from root to kea user (rhbz#2324168)
- Add Keama migration utility (rhbz#2250608)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2324168 - System update from F40 to F41: kea-dhcp unusable
https://bugzilla.redhat.com/show_bug.cgi?id=2324168
[ 2 ] Bug #2368989 - kea-2.6.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2368989
[ 3 ] Bug #2369335 - CVE-2025-32803 kea: Insecure file permissions can result
in confidential information leakage [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2369335
[ 4 ] Bug #2369381 - CVE-2025-32801 kea: Loading a malicious hook library can
lead to local privilege escalation [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2369381
[ 5 ] Bug #2370277 - CVE-2025-32802 kea: Insecure handling of file paths
allows multiple local attacks [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2370277
--------------------------------------------------------------------------------
================================================================================
mold-2.40.1-1.el9 (FEDORA-EPEL-2025-bf0cba8c99)
A Modern Linker
--------------------------------------------------------------------------------
Update Information:
Update to 2.40.1 (#2371058)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 9 2025 Christoph Erhardt <[email protected]> - 2.40.1-1
- Update to 2.40.1 (#2371058)
* Mon Jun 9 2025 Christoph Erhardt <[email protected]> - 2.40.0-2
- Do not rely on `alternatives` path
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2371058 - mold-2.40.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2371058
--------------------------------------------------------------------------------
================================================================================
parsertl17-1.2.0-1.el9 (FEDORA-EPEL-2025-f105fc575e)
The Modular Parser Generator
--------------------------------------------------------------------------------
Update Information:
Update to 1.2.0: add line_column
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 9 2025 Benjamin A. Beasley <[email protected]> - 1:1.2.0-1
- Update to 1.2.0 (close RHBZ#2370999)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2370999 - parsertl17-1.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2370999
--------------------------------------------------------------------------------
================================================================================
pythoncapi-compat-0^20250609gitffae0ff-1.el9 (FEDORA-EPEL-2025-4f7bb9de8f)
Python C API compatibility
--------------------------------------------------------------------------------
Update Information:
Update to 0^20250609gitffae0ff
Add PyUnicodeWriter_WriteASCII()
Update to 0^20250603gitfd34d34
Add PySys_GetAttr() function
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 9 2025 Benjamin A. Beasley <[email protected]> - 0^20250609gitffae0ff-1
- Update to 0^20250609gitffae0ff
- Add `PyUnicodeWriter_WriteASCII()`
* Wed Jun 4 2025 Benjamin A. Beasley <[email protected]> - 0^20250603gitfde4d34-1
- Update to 0^20250603gitfd34d34
- Add `PySys_GetAttr()` function
--------------------------------------------------------------------------------
================================================================================
salt3006-3006.11-1.el9 (FEDORA-EPEL-2025-6ba52391d1)
A parallel remote execution system
--------------------------------------------------------------------------------
Update Information:
This update contains various bugfixes to the 3006 LTS.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 9 2025 Robby Callicotte <[email protected]> - 3006.11-1
- Updated to 3006.11
--------------------------------------------------------------------------------
epel-devel mailing list -- [email protected]