The following Fedora EPEL 9 Security updates need testing:
 Age  URL
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-fa2b41b944   tcpreplay-4.5.2-1.el9
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-dfc8e38f18   rust-matchers-0.2.0-1.el9 rust-tracing-subscriber-0.3.20-1.el9
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-938ea797ca   checkpointctl-1.4.0-2.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
civetweb-1.16-9.el9
go-rpm-macros-epel-3.8.0-1.el9
rust-libz-rs-sys-0.5.2-1.el9
rust-zlib-rs-0.5.2-1.el9
singularity-ce-4.3.3-2.el9
snapd-2.71-0.el9
xournalpp-1.2.8-1.el9
Details about builds:
================================================================================
civetweb-1.16-9.el9 (FEDORA-EPEL-2025-0c4d46b03e)
Embedded C/C++ web server
--------------------------------------------------------------------------------
Update Information:
rhbz#2391890
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 3 2025 Kaleb S. KEITHLEY <kkeithle at redhat.com> - 1.16-9
- civetweb 1.16
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> - 1.16-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Wed Jul 16 2025 Kaleb S. KEITHLEY <kkeithle at redhat.com> - 1.16-7
- civetweb 1.16, rhbz#2380496
* Thu Jan 16 2025 Fedora Release Engineering <[email protected]> - 1.16-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Jul 17 2024 Fedora Release Engineering <[email protected]> - 1.16-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Tue Jan 23 2024 Fedora Release Engineering <[email protected]> - 1.16-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <[email protected]> - 1.16-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2391890 - CVE-2025-55763 civetweb: CivetWeb buffer overflow [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2391890
--------------------------------------------------------------------------------
================================================================================
go-rpm-macros-epel-3.8.0-1.el9 (FEDORA-EPEL-2025-a700c4990e)
Backport of certain Fedora Go RPM macros to EPEL
--------------------------------------------------------------------------------
Update Information:
Update go-rpm-macros EPEL 9 backport
This does not include the changes to the go_mod_vendor bundled Provides
dependency generator, as that file is not included in the backport package.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 4 2025 Maxwell G <[email protected]> - 3.8.0-1
- Update to 3.8.0.
--------------------------------------------------------------------------------
================================================================================
rust-libz-rs-sys-0.5.2-1.el9 (FEDORA-EPEL-2025-06f6490f75)
Memory-safe zlib implementation written in rust
--------------------------------------------------------------------------------
Update Information:
Update rust-zlib-rs and rust-libz-rs-sys to 0.5.2.
https://github.com/trifectatechfoundation/zlib-rs/releases/tag/v0.5.2
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 2 2025 Benjamin A. Beasley <[email protected]> - 0.5.2-1
- Update to version 0.5.2; Fixes RHBZ#2392572
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 0.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2392572 - rust-libz-rs-sys-0.5.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2392572
[ 2 ] Bug #2392594 - rust-zlib-rs-0.5.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2392594
--------------------------------------------------------------------------------
================================================================================
rust-zlib-rs-0.5.2-1.el9 (FEDORA-EPEL-2025-06f6490f75)
Memory-safe zlib implementation written in rust
--------------------------------------------------------------------------------
Update Information:
Update rust-zlib-rs and rust-libz-rs-sys to 0.5.2.
https://github.com/trifectatechfoundation/zlib-rs/releases/tag/v0.5.2
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 2 2025 Benjamin A. Beasley <[email protected]> - 0.5.2-1
- Update to version 0.5.2; Fixes RHBZ#2392594
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 0.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2392572 - rust-libz-rs-sys-0.5.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2392572
[ 2 ] Bug #2392594 - rust-zlib-rs-0.5.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2392594
--------------------------------------------------------------------------------
================================================================================
singularity-ce-4.3.3-2.el9 (FEDORA-EPEL-2025-ca25b58a98)
Application and environment virtualization
--------------------------------------------------------------------------------
Update Information:
Use source tarball without squashfuse build artefacts.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 4 2025 David Trudgian <[email protected]> - 4.3.3-2
- Use source tarball without squashfuse build artefacts. rhbz#2392889
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2392889 - Singularity version 4.3.2 won't update to version 4.3.3
https://bugzilla.redhat.com/show_bug.cgi?id=2392889
--------------------------------------------------------------------------------
================================================================================
snapd-2.71-0.el9 (FEDORA-EPEL-2025-4da7f7279a)
A transactional software package manager
--------------------------------------------------------------------------------
Update Information:
FDE: auto-repair when recovery key is used
FDE: revoke keys on shim update
FDE: revoke old TPM keys when dbx has been updated
FDE: do not reseal FDE hook keys every time
FDE: store keys in the kernel keyring when installing from initrd
FDE: allow disabled DMA on Core
FDE: snap-bootstrap: do not check for partition in scan-disk on CVM
FDE: support secboot preinstall check for 25.10+ hybrid installs via the /v2/system/{label} endpoint
FDE: support generating recovery key at install time via the /v2/systems/{label} endpoint
FDE: update passphrase quality check at install time via the /v2/systems/{label} endpoint
FDE: support replacing recovery key at runtime via the new /v2/system-volumes endpoint
FDE: support checking recovery keys at runtime via the /v2/system-volumes endpoint
FDE: support enumerating keyslots at runtime via the /v2/system-volumes endpoint
FDE: support changing passphrase at runtime via the /v2/system-volumes endpoint
FDE: support passphrase quality check at runtime via the /v2/system-volumes endpoint
FDE: update secboot to revision 3e181c8edf0f
Confdb: support lists and indexed paths on read and write
Confdb: alias references must be wrapped in brackets
Confdb: support indexed paths in confdb-schema assertion
Confdb: make API errors consistent with options
Confdb: fetch confdb-schema assertion on access
Confdb: prevent --previous from being used in read-side hooks
Components: fix snap command with multiple components
Components: set revision of seed components to x1
Components: unmount extra kernel-modules components mounts
AppArmor Prompting: add lifespan "session" for prompting rules
AppArmor Prompting: support restoring prompts after snapd restart
AppArmor Prompting: limit the extra information included in probed AppArmor features and system key
Notices: refactor notice state internals
SELinux: look for restorecon/matchpathcon at all known locations rather than current PATH
SELinux: update policy to allow watching cgroups (for RAA), and talking to user session agents (service mgmt/refresh)
Refresh App Awareness: Fix unexpected inotify file descriptor cleanup
snap-confine: workaround for glibc fchmodat() fallback and handle ENOSYS
snap-confine: add support for host policy for limiting users able to run snaps
LP: #2114923 Reject system key mismatch advise when not yet seeded
Use separate lanes for essential and non-essential snaps during seeding and allow non-essential installs to retry
Fix bug preventing remodel from core18 to core18 when snapd snap is unchanged
LP: #2112551 Make removal of last active revision of a snap equal to snap remove
LP: #2114779 Allow non-gpt in fallback mode to support RPi
Switch from using systemd LogNamespace to manually controlled journal quotas
Change snap command trace logging to only log the command names
Grant desktop-launch access to /v2/snaps
Update code for creating the snap journal stream
Switch from using core to snapd snap for snap debug connectivity
LP: #2112544 Fix offline remodel case where we switched to a channel without an actual refresh
LP: #2112332 Exclude snap/snapd/preseeding when generating preseed tarball
LP: #1952500 Fix snap command progress reporting
LP: #1849346 Interfaces: kerberos-tickets | add new interface
Interfaces: u2f | add support for Thetis Pro
Interfaces: u2f | add OneSpan device and fix older device
Interfaces: pipewire, audio-playback | support pipewire as system daemon
Interfaces: gpg-keys | allow access to GPG agent sockets
Interfaces: usb-gadget | add new interface
Interfaces: snap-fde-control, firmware-updater-support | add new interfaces to support FDE
Interfaces: timezone-control | extend to support timedatectl varlink
Interfaces: cpu-control | fix rules for accessing IRQ sysfs and procfs directories
Interfaces: microstack-support | allow SR-IOV attachments
Interfaces: modify AppArmor template to allow snaps to read their own systemd credentials
Interfaces: posix-mq | allow stat on /dev/mqueue
LP: #2098780 Interfaces: log-observe | add capability dac_read_search
Interfaces: block-devices | allow access to ZFS pools and datasets
LP: #2033883 Interfaces: block-devices | opt-in access to individual partitions
Interfaces: accel | add new interface to support accel kernel subsystem
Interfaces: shutdown | allow client to bind on its side of dbus socket
Interfaces: modify seccomp template to allow pwritev2
Interfaces: modify AppArmor template to allow reading /proc/sys/fs/nr_open
Packaging: drop snap.failure service for openSUSE
Packaging: add SELinux support for openSUSE
Packaging: disable optee when using nooptee build tag
Packaging: add support for static PIE builds in snapd.mk, drop pie.patch from openSUSE
Packaging: add libcap2-bin runtime dependency for ubuntu-16.04
Packaging: use snapd.mk for packaging on Fedora
Packaging: exclude .git directory
Packaging: fix DPKG_PARSECHANGELOG assignment
Packaging: fix building on Fedora with dpkg installed
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 22 2025 Ernest Lotter <[email protected]>
- New upstream release 2.71
- FDE: auto-repair when recovery key is used
- FDE: revoke keys on shim update
- FDE: revoke old TPM keys when dbx has been updated
- FDE: do not reseal FDE hook keys every time
- FDE: store keys in the kernel keyring when installing from initrd
- FDE: allow disabled DMA on Core
- FDE: snap-bootstrap: do not check for partition in scan-disk on CVM
- FDE: support secboot preinstall check for 25.10+ hybrid installs via the /v2/system/{label} endpoint
- FDE: support generating recovery key at install time via the /v2/systems/{label} endpoint
- FDE: update passphrase quality check at install time via the /v2/systems/{label} endpoint
- FDE: support replacing recovery key at runtime via the new /v2/system-volumes endpoint
- FDE: support checking recovery keys at runtime via the /v2/system-volumes endpoint
- FDE: support enumerating keyslots at runtime via the /v2/system-volumes endpoint
- FDE: support changing passphrase at runtime via the /v2/system-volumes endpoint
- FDE: support passphrase quality check at runtime via the /v2/system-volumes endpoint
- FDE: update secboot to revision 3e181c8edf0f
- Confdb: support lists and indexed paths on read and write
- Confdb: alias references must be wrapped in brackets
- Confdb: support indexed paths in confdb-schema assertion
- Confdb: make API errors consistent with options
- Confdb: fetch confdb-schema assertion on access
- Confdb: prevent --previous from being used in read-side hooks
- Components: fix snap command with multiple components
- Components: set revision of seed components to x1
- Components: unmount extra kernel-modules components mounts
- AppArmor Prompting: add lifespan "session" for prompting rules
- AppArmor Prompting: support restoring prompts after snapd restart
- AppArmor Prompting: limit the extra information included in probed AppArmor features and system key
- Notices: refactor notice state internals
- SELinux: look for restorecon/matchpathcon at all known locations rather than current PATH
- SELinux: update policy to allow watching cgroups (for RAA), and talking to user session agents (service mgmt/refresh)
- Refresh App Awareness: Fix unexpected inotify file descriptor cleanup
- snap-confine: workaround for glibc fchmodat() fallback and handle ENOSYS
- snap-confine: add support for host policy for limiting users able to run snaps
- LP: #2114923 Reject system key mismatch advise when not yet seeded
- Use separate lanes for essential and non-essential snaps during seeding and allow non-essential installs to retry
- Fix bug preventing remodel from core18 to core18 when snapd snap is unchanged
- LP: #2112551 Make removal of last active revision of a snap equal to snap remove
- LP: #2114779 Allow non-gpt in fallback mode to support RPi
- Switch from using systemd LogNamespace to manually controlled journal quotas
- Change snap command trace logging to only log the command names
- Grant desktop-launch access to /v2/snaps
- Update code for creating the snap journal stream
- Switch from using core to snapd snap for snap debug connectivity
- LP: #2112544 Fix offline remodel case where we switched to a channel without an actual refresh
- LP: #2112332 Exclude snap/snapd/preseeding when generating preseed tarball
- LP: #1952500 Fix snap command progress reporting
- LP: #1849346 Interfaces: kerberos-tickets | add new interface
- Interfaces: u2f | add support for Thetis Pro
- Interfaces: u2f | add OneSpan device and fix older device
- Interfaces: pipewire, audio-playback | support pipewire as system daemon
- Interfaces: gpg-keys | allow access to GPG agent sockets
- Interfaces: usb-gadget | add new interface
- Interfaces: snap-fde-control, firmware-updater-support | add new interfaces to support FDE
- Interfaces: timezone-control | extend to support timedatectl varlink
- Interfaces: cpu-control | fix rules for accessing IRQ sysfs and procfs directories
- Interfaces: microstack-support | allow SR-IOV attachments
- Interfaces: modify AppArmor template to allow snaps to read their own systemd credentials
- Interfaces: posix-mq | allow stat on /dev/mqueue
- LP: #2098780 Interfaces: log-observe | add capability dac_read_search
- Interfaces: block-devices | allow access to ZFS pools and datasets
- LP: #2033883 Interfaces: block-devices | opt-in access to individual partitions
- Interfaces: accel | add new interface to support accel kernel subsystem
- Interfaces: shutdown | allow client to bind on its side of dbus socket
- Interfaces: modify seccomp template to allow pwritev2
- Interfaces: modify AppArmor template to allow reading /proc/sys/fs/nr_open
- Packaging: drop snap.failure service for openSUSE
- Packaging: add SELinux support for openSUSE
- Packaging: disable optee when using nooptee build tag
- Packaging: add support for static PIE builds in snapd.mk, drop pie.patch from openSUSE
- Packaging: add libcap2-bin runtime dependency for ubuntu-16.04
- Packaging: use snapd.mk for packaging on Fedora
- Packaging: exclude .git directory
- Packaging: fix DPKG_PARSECHANGELOG assignment
- Packaging: fix building on Fedora with dpkg installed
* Fri Aug 15 2025 Maxwell G <[email protected]> - 2.70-3
- Rebuild for golang-1.25.0
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 2.70-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
xournalpp-1.2.8-1.el9 (FEDORA-EPEL-2025-ed51a55796)
Handwriting note-taking software with PDF annotation support
--------------------------------------------------------------------------------
Update Information:
Update to 1.2.8
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 4 2025 Luya Tshimbalanga <[email protected]> - 1.2.8-1
- Update to 1.2.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2372295 - [abrt] xournalpp: syscall(): xournalpp killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=2372295
[ 2 ] Bug #2392622 - xournalpp-1.2.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2392622
--------------------------------------------------------------------------------