[EPEL-devel] Fedora EPEL 10.1 updates-testing report

updates Wed, 01 Oct 2025 08:27:57 -0700

The following Fedora EPEL 10.1 Security updates need testing:
 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-9b9bfff5fa   
rust-astral-tokio-tar-0.5.5-1.el10_1 uv-0.8.11-4.el10_1
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-14fc89bc9b   
mupdf-1.25.4-3.el10_1
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-d036e499d7   
apptainer-1.4.3-1.el10_1



The following builds have been pushed to Fedora EPEL 10.1 updates-testing

    copr-cli-2.3-1.el10_1
    intel-vpl-gpu-rt-25.3.4-1.el10_1
    jupyterlab-4.4.9-1.el10_1
    openbgpd-8.9-1.el10_1
    opendmarc-1.4.2-33.el10_1
    php-pecl-mailparse-3.1.9-1.el10_1
    pipx-1.8.0-1.el10_1
    python-copr-2.4-1.el10_1
    python-google-auth-2.41.0-1.el10_1
    python-kubernetes-34.1.0-2.el10_1
    rust-rkyv-0.8.12-1.el10_1
    rust-rkyv_derive-0.8.12-1.el10_1
    webkitgtk-2.50.0-3.el10_1

Details about builds:


================================================================================
 copr-cli-2.3-1.el10_1 (FEDORA-EPEL-2025-f81dd0c584)
 Command line interface for COPR
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 29 2025 Jakub Kadlcik <[email protected]> 2.3-1
- Drop support for building modules
--------------------------------------------------------------------------------


================================================================================
 intel-vpl-gpu-rt-25.3.4-1.el10_1 (FEDORA-EPEL-2025-61a5fb6d46)
 Intel Video Processing Library (Intel VPL) GPU Runtime
--------------------------------------------------------------------------------
Update Information:

Updateto 25.3.4.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 29 2025 Simone Caronni <[email protected]> - 25.3.4-1
- Update to 25.3.4
--------------------------------------------------------------------------------


================================================================================
 jupyterlab-4.4.9-1.el10_1 (FEDORA-EPEL-2025-bed44ab65a)
 JupyterLab computational environment
--------------------------------------------------------------------------------
Update Information:

Update to 4.4.9 (rhbz#2398238)
--------------------------------------------------------------------------------
ChangeLog:

* Sat Sep 27 2025 Lumir Balhar <[email protected]> - 4.4.9-1
- Update to 4.4.9 (rhbz#2398238)
* Fri Sep 26 2025 Lumir Balhar <[email protected]> - 4.4.8-1
- Update to 4.4.8 (rhbz#2398238)
* Fri Sep 19 2025 Python Maint <[email protected]> - 4.4.7-2
- Rebuilt for Python 3.14.0rc3 bytecode
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2399841 - CVE-2025-59842 jupyterlab: JupyterLab LaTeX typesetter 
links did not enforce `noopener` attribute [epel-10]
        https://bugzilla.redhat.com/show_bug.cgi?id=2399841
--------------------------------------------------------------------------------


================================================================================
 openbgpd-8.9-1.el10_1 (FEDORA-EPEL-2025-105e885661)
 OpenBGPD Routing Daemon
--------------------------------------------------------------------------------
Update Information:

OpenBGPD 8.9
In verbose mode log the NOTIFICATION data for UPDATE errors.
Fix a busy loop error in the pfkey handling for OpenBSD and FreeBSD.
Introduce monotime - an internal time API using micorsecond resolution.
Fix accounting of the pending update counter
Use new ibufq interface instead of handrolling the same.
Large refactoring of internal APIs to make the code easier to share and cleaner.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Robert Scheck <[email protected]> 8.9-1
- Upgrade to 8.9 (#2399642)
* Thu Jul 24 2025 Fedora Release Engineering <[email protected]> - 8.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2399642 - openbgpd-8.9 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2399642
--------------------------------------------------------------------------------


================================================================================
 opendmarc-1.4.2-33.el10_1 (FEDORA-EPEL-2025-31cde20181)
 A DMARC milter and library
--------------------------------------------------------------------------------
Update Information:

Commit https://src.fedoraproject.org/rpms/opendmarc/c/c8a9332c3cc0fddd78adc3af06
eb542e1050e627 broke correct libspf2 detection. Remove that patch and provide a
better fix.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Mikel Olasagasti Uranga <[email protected]> - 1.4.2-33
- Fix LIBSPF2 detection - Closes rhbz#2399960
* Thu Jul 24 2025 Fedora Release Engineering <[email protected]> - 
1.4.2-32
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jul 17 2025 Michal Schorm <[email protected]> - 1.4.2-31
- Disable i686 on Fedora >= 43
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2399960 - opendmarc compile no longer uses libspf2 even when told 
to
        https://bugzilla.redhat.com/show_bug.cgi?id=2399960
--------------------------------------------------------------------------------


================================================================================
 php-pecl-mailparse-3.1.9-1.el10_1 (FEDORA-EPEL-2025-cd612c172f)
 PHP PECL package for parsing and working with email messages
--------------------------------------------------------------------------------
Update Information:

Version 3.1.9
use Zend/zend_smart_string.h for PHP 8.5
Fix memory leak
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Remi Collet <[email protected]> - 3.1.9-1
- update to 3.1.9
- add pie virtual provides
--------------------------------------------------------------------------------


================================================================================
 pipx-1.8.0-1.el10_1 (FEDORA-EPEL-2025-4358f25604)
 Install and run Python applications in isolated environments
--------------------------------------------------------------------------------
Update Information:

Update to 1.8.0 upstream release
https://github.com/pypa/pipx/releases/tag/1.8.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Packit <[email protected]> - 1.8.0-1
- Update to 1.8.0 upstream release
- Resolves: rhbz#2400410
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2400410 - pipx-1.8.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2400410
--------------------------------------------------------------------------------


================================================================================
 python-copr-2.4-1.el10_1 (FEDORA-EPEL-2025-f81dd0c584)
 Python interface for Copr
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 29 2025 Jakub Kadlcik <[email protected]> 2.4-1
- Drop support for building modules
--------------------------------------------------------------------------------


================================================================================
 python-google-auth-2.41.0-1.el10_1 (FEDORA-EPEL-2025-799954e2a2)
 Google Auth Python Library
--------------------------------------------------------------------------------
Update Information:

Update python-google-auth to 2.41.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 29 2025 Fedora Release Monitoring 
<[email protected]> - 1:2.41.0-1
- Update to 2.41.0 (#2400375)
* Fri Sep 19 2025 Python Maint <[email protected]> - 1:2.40.3-6
- Rebuilt for Python 3.14.0rc3 bytecode
* Sat Aug 30 2025 Benjamin A. Beasley <[email protected]> - 1:2.40.3-5
- Patch to allow cachetools 6; fixes RHBZ#2390999, fixes RHBZ#2391729
* Fri Aug 15 2025 Python Maint <[email protected]> - 1:2.40.3-4
- Rebuilt for Python 3.14.0rc2 bytecode
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
1:2.40.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Fri Jun  6 2025 Python Maint <[email protected]> - 1:2.40.3-2
- Rebuilt for Python 3.14
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2396790 - python-google-auth: Please rebuild in Fedora 43
        https://bugzilla.redhat.com/show_bug.cgi?id=2396790
  [ 2 ] Bug #2400375 - python-google-auth-2.41.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2400375
--------------------------------------------------------------------------------


================================================================================
 python-kubernetes-34.1.0-2.el10_1 (FEDORA-EPEL-2025-e7bb0d432e)
 Python client for the kubernetes API.
--------------------------------------------------------------------------------
Update Information:

Update python-kubernetes to 34.1.0
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Fedora Release Monitoring 
<[email protected]> - 1:34.1.0-2
- Drop urllib3 upper limit so the package can be installed, 
https://github.com/kubernetes-client/python/issues/2458
* Mon Sep 29 2025 Fedora Release Monitoring 
<[email protected]> - 1:34.1.0-1
- Update to 34.1.0 (#2371315)
* Fri Sep 19 2025 Python Maint <[email protected]> - 1:32.0.1-5
- Rebuilt for Python 3.14.0rc3 bytecode
* Fri Aug 15 2025 Python Maint <[email protected]> - 1:32.0.1-4
- Rebuilt for Python 3.14.0rc2 bytecode
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
1:32.0.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jun  3 2025 Python Maint <[email protected]> - 1:32.0.1-2
- Rebuilt for Python 3.14
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2371315 - python-kubernetes-34.1.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2371315
--------------------------------------------------------------------------------


================================================================================
 rust-rkyv-0.8.12-1.el10_1 (FEDORA-EPEL-2025-e0778e5146)
 Zero-copy deserialization framework for Rust
--------------------------------------------------------------------------------
Update Information:

Update rkyv/rkyv_derive to 0.8.12
https://github.com/rkyv/rkyv/compare/1a12f62a66927462e421fd554cbe9add48d9fdc0...
ef1d1b54ca9d69a5ff827d5805254894628517fc
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Benjamin A. Beasley <[email protected]> - 0.8.12-1
- Update to version 0.8.21; Fixes RHBZ#2385246
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
0.8.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2385246 - rust-rkyv-0.8.12 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2385246
  [ 2 ] Bug #2385247 - rust-rkyv_derive-0.8.12 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2385247
--------------------------------------------------------------------------------


================================================================================
 rust-rkyv_derive-0.8.12-1.el10_1 (FEDORA-EPEL-2025-e0778e5146)
 Derive macro for rkyv
--------------------------------------------------------------------------------
Update Information:

Update rkyv/rkyv_derive to 0.8.12
https://github.com/rkyv/rkyv/compare/1a12f62a66927462e421fd554cbe9add48d9fdc0...
ef1d1b54ca9d69a5ff827d5805254894628517fc
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 30 2025 Benjamin A. Beasley <[email protected]> - 0.8.12-1
- Update to version 0.8.12; Fixes RHBZ#2385247
- Fix CRLF-terminated source files
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
0.8.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2385246 - rust-rkyv-0.8.12 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2385246
  [ 2 ] Bug #2385247 - rust-rkyv_derive-0.8.12 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2385247
--------------------------------------------------------------------------------


================================================================================
 webkitgtk-2.50.0-3.el10_1 (FEDORA-EPEL-2025-862f09d922)
 GTK web content engine library
--------------------------------------------------------------------------------
Update Information:

Merge remote-tracking branch 'origin/rawhide' into epel10.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 18 2025 Michael Catanzaro <[email protected]> - 2.50.0-2
- Fix build on i686
* Wed Sep 17 2025 Michael Catanzaro <[email protected]> - 2.50.0-1
- Update to 2.50.0
* Tue Sep  2 2025 Michael Catanzaro <[email protected]> - 2.49.90-1
- Update to 2.49.90
* Mon Aug  4 2025 Michael Catanzaro <[email protected]> - 2.49.4-2
- Add patch to fix build without bmalloc
* Sun Aug  3 2025 Michael Catanzaro <[email protected]> - 2.49.4-1
- Update to 2.49.4
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> - 
2.49.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Fri Jun 27 2025 Michael Catanzaro <[email protected]> - 2.49.3-1
- Update to 2.49.3
* Wed Jun 11 2025 Michael Catanzaro <[email protected]> - 2.49.2-7
- Fix small scale factor in GTK 3 apps
* Tue Jun  3 2025 Michael Catanzaro <[email protected]> - 2.49.2-6
- Fix build on s390x
* Mon Jun  2 2025 Michael Catanzaro <[email protected]> - 2.49.2-5
- Another attempt to fix build on non-x86_64
* Mon Jun  2 2025 Michael Catanzaro <[email protected]> - 2.49.2-4
- Another attempt to fix build on non-x86_64
* Sun Jun  1 2025 Michael Catanzaro <[email protected]> - 2.49.2-3
- Another attempt to fix build on non-x86_64
* Sat May 31 2025 Michael Catanzaro <[email protected]> - 2.49.2-2
- Attempt to fix build on i686 and s390x
* Fri May 30 2025 Michael Catanzaro <[email protected]> - 2.49.2-1
- Update to 2.49.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2386381 - CVE-2025-43265 webkitgtk: Processing maliciously crafted 
web content may disclose internal states of the app [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2386381
  [ 2 ] Bug #2386402 - CVE-2025-31278 webkitgtk: Processing maliciously crafted 
web content may lead to memory corruption [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2386402
  [ 3 ] Bug #2386407 - CVE-2025-31273 webkitgtk: Processing maliciously crafted 
web content may lead to memory corruption [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2386407
  [ 4 ] Bug #2386412 - CVE-2025-24189 webkitgtk: Processing maliciously crafted 
web content may lead to memory corruption [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2386412
  [ 5 ] Bug #2386418 - CVE-2025-6558 webkitgtk: Chromium insufficient 
validation [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2386418
  [ 6 ] Bug #2386573 - CVE-2025-43228 webkitgtk: Visiting a malicious website 
may lead to address bar spoofing [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2386573
  [ 7 ] Bug #2397878 - CVE-2025-43368 webkitgtk: Processing maliciously crafted 
web content may lead to an unexpected Safari crash [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2397878
  [ 8 ] Bug #2397883 - CVE-2025-43356 webkitgtk: A website may be able to 
access sensor information without user consent [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2397883
  [ 9 ] Bug #2397888 - CVE-2025-43342 webkitgtk: Processing maliciously crafted 
web content may lead to an unexpected process crash [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2397888
  [ 10 ] Bug #2397893 - CVE-2025-43272 webkitgtk: Processing maliciously 
crafted web content may lead to an unexpected Safari crash [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2397893
--------------------------------------------------------------------------------


-- 
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[EPEL-devel] Fedora EPEL 10.1 updates-testing report

Reply via email to