The following Fedora EPEL 10.2 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-899d88629d
mbedtls-3.6.4-2.el10_2
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-6ec36372bb
python-aiohttp-3.11.18-4.el10_2
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-b882a0a154
perl-YAML-Syck-1.36-1.el10_2
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-1fe5205aa6
fluidsynth-2.4.8-2.el10_2
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-fd412e2ace
qt5-qtbase-5.15.17-2.el10_2
The following builds have been pushed to Fedora EPEL 10.2 updates-testing
MUMPS-5.7.3-5.el10_2
SuperLUMT-4.0.1-6.el10_2
chromium-141.0.7390.122-1.el10_2
dymo-cups-drivers-lw5xx-2.0.0.0-1.el10_2
egl-wayland2-1.0.1~20251021gite16cb0f-1.el10_2
lynis-3.1.6-1.el10_2
openbao-2.4.3-1.el10_2
petsc-3.24.0-7.el10_2
python-patsy-1.0.2-1.el10_2
python-setuptools-git-versioning-2.1.0-16.el10_2
ruff-0.14.1-1.el10_2
rust-astral-tokio-tar-0.5.6-1.el10_2
rust-attribute-derive-0.10.5-1.el10_2
rust-attribute-derive-macro-0.10.5-1.el10_2
rust-backon-1.5.2-2.el10_2
rust-basic-toml-0.1.10-2.el10_2
rust-collection_literals-1.0.3-1.el10_2
rust-csv-1.4.0-1.el10_2
rust-csv-core-0.1.13-1.el10_2
rust-derive_more-2.0.1-3.el10_2
rust-derive_more-impl-2.0.1-2.el10_2
rust-dlv-list-0.5.2-2.el10_2
rust-dotenv-0.15.0-16.el10_2
rust-get-size-derive2-0.7.0-1.el10_2
rust-get-size2-0.7.0-2.el10_2
rust-indoc-2.0.7-1.el10_2
rust-insta-1.43.2-1.el10_2
rust-interpolator-0.5.0-3.el10_2
rust-intrusive-collections-0.9.7-3.el10_2
rust-macro_rules_attribute-0.2.2-2.el10_2
rust-macro_rules_attribute-proc_macro-0.2.2-2.el10_2
rust-manyhow-0.11.4-1.el10_2
rust-manyhow-macros-0.11.4-1.el10_2
rust-memmap2-0.9.9-1.el10_2
rust-ordered-multimap-0.7.3-2.el10_2
rust-pest-2.8.3-1.el10_2
rust-pest_derive-2.8.3-1.el10_2
rust-pest_generator-2.8.3-1.el10_2
rust-pest_meta-2.8.3-1.el10_2
rust-phf-0.12.1-1.el10_2
rust-phf0.11-0.11.3-1.el10_2
rust-phf_codegen-0.12.1-1.el10_2
rust-phf_codegen0.11-0.11.3-1.el10_2
rust-phf_generator-0.12.1-1.el10_2
rust-phf_generator0.11-0.11.3-1.el10_2
rust-phf_macros-0.12.1-1.el10_2
rust-phf_macros0.11-0.11.3-1.el10_2
rust-phf_shared-0.12.1-1.el10_2
rust-phf_shared0.11-0.11.3-1.el10_2
rust-proc-macro-utils-0.10.0-1.el10_2
rust-proc-macro2-1.0.102-1.el10_2
rust-proptest-1.8.0-1.el10_2
rust-proptest-macro-0.3.1-1.el10_2
rust-python-pkginfo-0.6.6-1.el10_2
rust-quote-use-0.8.4-2.el10_2
rust-quote-use-macros-0.8.4-1.el10_2
rust-ref-cast-1.0.25-1.el10_2
rust-ref-cast-impl-1.0.25-1.el10_2
rust-reqsign-0.17.0-1.el10_2
rust-reqsign-aws-v4-1.0.0-1.el10_2
rust-reqsign-command-execute-tokio-1.0.0-1.el10_2
rust-reqsign-core-1.0.0-1.el10_2
rust-reqsign-file-read-tokio-1.0.0-1.el10_2
rust-reqsign-http-send-reqwest-1.0.0-1.el10_2
rust-rust-ini-0.21.3-1.el10_2
rust-rust_decimal-1.39.0-1.el10_2
rust-rust_decimal_macros-1.39.0-1.el10_2
rust-serde-1.0.228-1.el10_2
rust-serde_core-1.0.228-1.el10_2
rust-serde_derive-1.0.228-1.el10_2
rust-snafu-0.8.9-1.el10_2
rust-snafu-derive-0.8.9-1.el10_2
rust-strum-0.27.2-1.el10_2
rust-strum_macros-0.27.2-1.el10_2
rust-tikv-jemalloc-sys-0.6.1-1.el10_2
rust-tikv-jemallocator-0.6.1-1.el10_2
rust-trybuild2-1.2.0-5.el10_2
rust-typetag-0.2.21-1.el10_2
rust-typetag-impl-0.2.21-1.el10_2
rust-unicode-ident-1.0.20-1.el10_2
rust-zbus-5.12.0-1.el10_2
rust-zbus_macros-5.12.0-1.el10_2
rust-zerocopy-0.8.27-1.el10_2
rust-zerocopy-derive-0.8.27-1.el10_2
rust-zvariant-5.8.0-1.el10_2
rust-zvariant_derive-5.8.0-1.el10_2
sundials-7.5.0-2.el10_2
uv-0.8.24-3.el10_2
Details about builds:
================================================================================
MUMPS-5.7.3-5.el10_2 (FEDORA-EPEL-2025-7e69d51408)
A MUltifrontal Massively Parallel sparse direct Solver
--------------------------------------------------------------------------------
Update Information:
New packages
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2025 Antonio Trande <[email protected]> - 5.7.3-5
- Disable tests on RHEL s390x
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> -
5.7.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Mar 6 2025 Ralf Corsépius <[email protected]> - 5.7.3-3
- Rebuild for scalapack SONAME change.
* Thu Jan 16 2025 Fedora Release Engineering <[email protected]> -
5.7.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Dec 20 2024 Antonio Trande <[email protected]> - 5.7.3-1
- Release 5.7.3
* Fri Aug 16 2024 Sandro Mani <[email protected]> - 5.6.2-9
- Rebuild (scotch-7.0.4)
* Wed Jul 17 2024 Fedora Release Engineering <[email protected]> -
5.6.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Mar 28 2024 Antonio Trande <[email protected]> - 5.6.2-7
- Use rhel macro instead of eln (rhbz#2271816)
* Mon Jan 22 2024 Fedora Release Engineering <[email protected]> -
5.6.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <[email protected]> -
5.6.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 5 2024 Antonio Trande <[email protected]> - 5.6.2-4
- Re-organize conditional macros
* Fri Jan 5 2024 Antonio Trande <[email protected]> - 5.6.2-3
- Disable MPICH tests
* Fri Jan 5 2024 Antonio Trande <[email protected]> - 5.6.2-2
- Disable MPICH tests
* Fri Jan 5 2024 Antonio Trande <[email protected]> - 5.6.2-1
- Release 5.6.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2391476 - Please branch and build sundials for EPEL 10/10.1/10.0
https://bugzilla.redhat.com/show_bug.cgi?id=2391476
[ 2 ] Bug #2401012 - Please branch and build SuperLUMT in
epel10/epel10.1/epel10.0
https://bugzilla.redhat.com/show_bug.cgi?id=2401012
--------------------------------------------------------------------------------
================================================================================
SuperLUMT-4.0.1-6.el10_2 (FEDORA-EPEL-2025-7e69d51408)
Single precision real SuperLU routines for shared memory parallel machines
--------------------------------------------------------------------------------
Update Information:
New packages
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 23 2025 Fedora Release Engineering <[email protected]> -
4.0.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Fri Jan 17 2025 Antonio Trande <[email protected]> - 4.0.1-5
- Fix GCC15 builds
* Thu Jan 16 2025 Fedora Release Engineering <[email protected]> -
4.0.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Jul 17 2024 Fedora Release Engineering <[email protected]> -
4.0.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon May 20 2024 Antonio Trande <[email protected]> - 4.0.1-2
- Rebuild i686 rpms
* Sun May 19 2024 Antonio Trande <[email protected]> - 4.0.1-1
- Release 4.0.1
* Sat May 18 2024 Antonio Trande <[email protected]> - 3.1.0-45
- Fix patch commands
* Mon Jan 22 2024 Fedora Release Engineering <[email protected]> -
3.1.0-44
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <[email protected]> -
3.1.0-43
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2391476 - Please branch and build sundials for EPEL 10/10.1/10.0
https://bugzilla.redhat.com/show_bug.cgi?id=2391476
[ 2 ] Bug #2401012 - Please branch and build SuperLUMT in
epel10/epel10.1/epel10.0
https://bugzilla.redhat.com/show_bug.cgi?id=2401012
--------------------------------------------------------------------------------
================================================================================
chromium-141.0.7390.122-1.el10_2 (FEDORA-EPEL-2025-ebffab4484)
A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:
Update to 141.0.7390.122
High CVE-2025-12036 chromium: Inappropriate implementation in V8
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Than Ngo <[email protected]> - 141.0.7390.122-1
- Update to 141.0.7390.122
* High CVE-2025-12036 chromium: Inappropriate implementation in V8
--------------------------------------------------------------------------------
================================================================================
dymo-cups-drivers-lw5xx-2.0.0.0-1.el10_2 (FEDORA-EPEL-2025-d8757eb6bf)
DYMO LabelWriter 5xx Drivers for CUPS
--------------------------------------------------------------------------------
Update Information:
Initial specfile
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Andrew Bauer <[email protected]> - 2.0.0.0-1
- Initial specfile
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2359216 - dymo-cups-drivers version is outdated
https://bugzilla.redhat.com/show_bug.cgi?id=2359216
[ 2 ] Bug #2369164 - Review Request: dymo-cups-drivers-lw5xx - DYMO
LabelWriter 5xx Drivers for CUPS
https://bugzilla.redhat.com/show_bug.cgi?id=2369164
--------------------------------------------------------------------------------
================================================================================
egl-wayland2-1.0.1~20251021gite16cb0f-1.el10_2 (FEDORA-EPEL-2025-eb49c065be)
Dma-buf-based Wayland external platform library
--------------------------------------------------------------------------------
Update Information:
Update to latest snapshot.
Update to latest snapshot.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Simone Caronni <[email protected]> -
1.0.1~20251021gite16cb0f-1
- Update to latest snapshot.
* Mon Oct 20 2025 Simone Caronni <[email protected]> -
1.0.1~20251018git295712b-1
- Update to latest snapshot.
--------------------------------------------------------------------------------
================================================================================
lynis-3.1.6-1.el10_2 (FEDORA-EPEL-2025-f9345d2c5d)
Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:
3.1.6
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Gwyn Ciesla <[email protected]> - 3.1.6-1
- 3.1.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2406018 - lynis-3.1.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406018
--------------------------------------------------------------------------------
================================================================================
openbao-2.4.3-1.el10_2 (FEDORA-EPEL-2025-3975babff2)
A tool for securely accessing secrets
--------------------------------------------------------------------------------
Update Information:
Update to upstream 2.4.3, including fixes for CVE-2025-62513 and CVE-2025-62705.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Dave Dykstra <[email protected]> -
2.4.3-1
- update to upstream 2.4.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405900 - CVE-2025-62513 openbao: OpenBao leaks HTTPRawBody in
Audit Logs [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405900
[ 2 ] Bug #2405901 - CVE-2025-62513 openbao: OpenBao leaks HTTPRawBody in
Audit Logs [epel-8]
https://bugzilla.redhat.com/show_bug.cgi?id=2405901
[ 3 ] Bug #2405902 - CVE-2025-62513 openbao: OpenBao leaks HTTPRawBody in
Audit Logs [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2405902
[ 4 ] Bug #2405903 - CVE-2025-62513 openbao: OpenBao leaks HTTPRawBody in
Audit Logs [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405903
[ 5 ] Bug #2405904 - CVE-2025-62513 openbao: OpenBao leaks HTTPRawBody in
Audit Logs [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405904
--------------------------------------------------------------------------------
================================================================================
petsc-3.24.0-7.el10_2 (FEDORA-EPEL-2025-7e69d51408)
Portable Extensible Toolkit for Scientific Computation
--------------------------------------------------------------------------------
Update Information:
New packages
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 21 2025 Antonio Trande <[email protected]> - 3.24.0-7
- Disable tests on epel10
* Tue Oct 21 2025 Antonio Trande <[email protected]> - 3.24.0-6
- Add prrte BR package
* Mon Oct 20 2025 Antonio Trande <[email protected]> - 3.24.0-5
- Remove unused source files
* Mon Oct 20 2025 Antonio Trande <[email protected]> - 3.24.0-4
- Not use pre-generated Cython files
* Mon Oct 20 2025 Antonio Trande <[email protected]> - 3.24.0-3
- Fix ptscotch include directory
* Mon Oct 20 2025 Antonio Trande <[email protected]> - 3.24.0-2
- Remove exclude xvfb-run commands
* Thu Oct 16 2025 Antonio Trande <[email protected]> - 3.24.0-1
- Release 3.24.0
* Fri Sep 19 2025 Python Maint <[email protected]> - 3.23.6-5
- Rebuilt for Python 3.14.0rc3 bytecode
* Sat Sep 6 2025 Antonio Trande <[email protected]> - 3.23.6-4
- Disable python tests
* Thu Sep 4 2025 Antonio Trande <[email protected]> - 3.23.6-3
- Modify Python test commands
* Tue Sep 2 2025 Antonio Trande <[email protected]> - 3.23.6-2
- Exclude pytest
* Tue Sep 2 2025 Antonio Trande <[email protected]> - 3.23.6-1
- Release 3.23.6| Fix Python-3.14 tests
* Fri Aug 15 2025 Python Maint <[email protected]> - 3.23.5-6
- Rebuilt for Python 3.14.0rc2 bytecode
* Tue Aug 12 2025 Antonio Trande <[email protected]> - 3.23.5-5
- Disable testing on s390x
* Tue Aug 12 2025 Antonio Trande <[email protected]> - 3.23.5-4
- Remove unused sed command
* Tue Aug 12 2025 Antonio Trande <[email protected]> - 3.23.5-3
- Switch back to old py3_build py_install (rhbz#2387582) | See bug ticket
2377370
* Sat Aug 9 2025 Antonio Trande <[email protected]> - 3.23.5-2
- Build petsc64
* Sat Aug 9 2025 Antonio Trande <[email protected]> - 3.23.5-1
- Release 3.23.5
* Thu Aug 7 2025 Antonio Trande <[email protected]> - 3.23.3-8
- Set PYTHONPATH
* Thu Aug 7 2025 Antonio Trande <[email protected]> - 3.23.3-7
- Disable petsc4py tests temporarily
* Wed Aug 6 2025 Antonio Trande <[email protected]> - 3.23.3-6
- Fix Buildrequires packages
* Wed Aug 6 2025 Antonio Trande <[email protected]> - 3.23.3-5
- Fix rhbz#2377370
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
3.23.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jun 26 2025 Antonio Trande <[email protected]> - 3.23.3-3
- Disable petsc4py tests
* Tue Jun 3 2025 Python Maint <[email protected]> - 3.23.3-2
- Rebuilt for Python 3.14
* Mon Jun 2 2025 Antonio Trande <[email protected]> - 3.23.3-1
- Release 3.23.3
* Sat May 10 2025 Antonio Trande <[email protected]> - 3.23.2-1
- Release 3.23.0 (rhbz#2365411)
* Thu May 1 2025 Antonio Trande <[email protected]> - 3.23.1-1
- Release 3.23.1
* Sun Apr 27 2025 Antonio Trande <[email protected]> - 3.23.0-1
- Release 3.23.0
* Thu Apr 10 2025 Antonio Trande <[email protected]> - 3.22.5-1
- Release 3.22.5
* Mon Mar 31 2025 Andrea Bolognani <[email protected]> - 3.22.4-4
- Fix valgrind checks
* Sun Mar 30 2025 Antonio Trande <[email protected]> - 3.22.4-3
- Fix ricsv64 builds
* Thu Mar 6 2025 Ralf Corsépius <[email protected]> - 3.22.4-2
- Rebuild for scalapack SONAME change.
* Sun Mar 2 2025 Antonio Trande <[email protected]> - 3.22.4-1
- Release 3.22.4
* Fri Jan 31 2025 Antonio Trande <[email protected]> - 3.22.3-1
- Release 3.22.3
* Sun Jan 19 2025 Antonio Trande <[email protected]> - 3.22.2-7
- Use valgrind correctly
* Sun Jan 19 2025 Antonio Trande <[email protected]> - 3.22.2-6
- Make make check more verbose
* Sat Jan 18 2025 Fedora Release Engineering <[email protected]> -
3.22.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Mon Dec 30 2024 Antonio Trande <[email protected]> - 3.22.2-4
- Fix popd commands
* Sun Dec 29 2024 Antonio Trande <[email protected]> - 3.22.2-3
- Disable testing on s390x
* Sun Dec 29 2024 Antonio Trande <[email protected]> - 3.22.2-2
- Simplify PETSc's libraries testing
* Fri Dec 20 2024 Antonio Trande <[email protected]> - 3.22.2-1
- Release 3.22.2|Rebuild for MUMPS-5.7.3|Silence test verbosity
* Fri Nov 22 2024 Antonio Trande <[email protected]> - 3.20.6-14
- Rebuild for openmpi-5.0.6 (rhbz#2328137)
* Fri Oct 25 2024 Orion Poplawski <[email protected]> - 3.20.6-13
- Rebuild for hdf5 1.14.5
* Fri Sep 13 2024 Antonio Trande <[email protected]> - 3.20.6-12
- Rebuild for MPICH-4.2.2
* Thu Sep 5 2024 Antonio Trande <[email protected]> - 3.20.6-11
- Rebuild for SuperLU-7.0.0
* Fri Aug 16 2024 Sandro Mani <[email protected]> - 3.20.6-10
- Rebuild (scotch-7.0.4)
* Tue Aug 6 2024 David Bold <[email protected]> - 3.20.6-9
- Fix configure script for python3.13
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
3.20.6-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sat Jun 8 2024 Python Maint <[email protected]> - 3.20.6-7
- Rebuilt for Python 3.13
* Fri Apr 26 2024 Orion Poplawski <[email protected]> - 3.20.6-6
- Rebuild for openmpi 5.0.3
* Sun Apr 21 2024 Antonio Trande <[email protected]> - 3.20.6-5
- Rebuild for MPICH-4.2.1
* Wed Apr 10 2024 Antonio Trande <[email protected]> - 3.20.6-4
- Release number bump
* Mon Apr 1 2024 Antonio Trande <[email protected]> - 3.20.6-3
- Reload Cython3 files for EPEL9 builds
* Mon Apr 1 2024 Antonio Trande <[email protected]> - 3.20.6-2
- Fix Scotch MPI include directories in RHEL
* Sun Mar 31 2024 Antonio Trande <[email protected]> - 3.20.6-1
- Release 3.20.6 (rhbz#2272217)
* Mon Mar 4 2024 David Abdurachmanov <[email protected]> - 3.20.5-3
- Properly check for valgrind support
* Sat Mar 2 2024 Antonio Trande <[email protected]> - 3.20.5-2
- Release 3.20.5 (rhbz#2266220) |Drop incorporated patch
* Sat Mar 2 2024 Antonio Trande <[email protected]> - 3.20.5-1
- Release 3.20.5 (rhbz#2266220)
* Thu Feb 8 2024 Antonio Trande <[email protected]> - 3.20.4-4
- Move up patch #8
* Thu Feb 8 2024 Antonio Trande <[email protected]> - 3.20.4-3
- Fix upstream bug #1542
* Tue Feb 6 2024 Antonio Trande <[email protected]> - 3.20.4-2
- Patched for using metis64
* Tue Feb 6 2024 Antonio Trande <[email protected]> - 3.20.4-1
- Release 3.20.4
* Thu Jan 25 2024 Fedora Release Engineering <[email protected]> -
3.20.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <[email protected]> -
3.20.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jan 6 2024 Antonio Trande <[email protected]> - 3.20.2-5
- Rebuild for MUMPS-5.6.2
* Sun Dec 24 2023 Antonio Trande <[email protected]> - 3.20.2-4
- Rebuild for openmpi-5.0.1
* Sat Dec 16 2023 Antonio Trande <[email protected]> - 3.20.2-3
- Rebuild for superlu_dist-8.2.0
* Sun Dec 3 2023 Antonio Trande <[email protected]> - 3.20.2-2
- Fix License tag
* Sun Dec 3 2023 Antonio Trande <[email protected]> - 3.20.2-1
- Release 3.20.2
* Sun Nov 5 2023 Antonio Trande <[email protected]> - 3.20.1-2
- Disable Python test for missing epydoc module
* Wed Nov 1 2023 Antonio Trande <[email protected]> - 3.20.1-1
- Release 3.20.1
* Sun Oct 29 2023 Orion Poplawski <[email protected]> - 3.20.0-4
- Properly conditionalize the python mpi sub-packages
* Sun Oct 29 2023 Orion Poplawski <[email protected]> - 3.20.0-3
- Rework conditional
* Sun Oct 29 2023 Orion Poplawski <[email protected]> - 3.20.0-2
- Rebuild for openmpi 5.0.0, drops support for i686
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2391476 - Please branch and build sundials for EPEL 10/10.1/10.0
https://bugzilla.redhat.com/show_bug.cgi?id=2391476
[ 2 ] Bug #2401012 - Please branch and build SuperLUMT in
epel10/epel10.1/epel10.0
https://bugzilla.redhat.com/show_bug.cgi?id=2401012
--------------------------------------------------------------------------------
================================================================================
python-patsy-1.0.2-1.el10_2 (FEDORA-EPEL-2025-c5d2b7515e)
Describing statistical models in Python using symbolic formulas
--------------------------------------------------------------------------------
Update Information:
patsy 1.0.2 GA
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Kaleb S. KEITHLEY <[email protected]> - 1.0.2-1
- patsy 1.0.2 GA
--------------------------------------------------------------------------------
================================================================================
python-setuptools-git-versioning-2.1.0-16.el10_2 (FEDORA-EPEL-2025-a28e6bc80a)
Use git repo data for building a version number according to PEP-440
--------------------------------------------------------------------------------
Update Information:
Fix incorrect version in metadata (RHBZ#2405588)
Run the tests
Fix a small typo in the package summary and description, and tidy up the
package description a bit
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 2.1.0-16
- Run the tests
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 2.1.0-15
- Fix incorrect version in metadata (fix RHBZ#2405588)
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 2.1.0-13
- Fix a small typo in the package summary and description
- Tidy up the package description a bit
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 2.1.0-12
- Simplify man page generation
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 2.1.0-11
- Fix wrong Summary on binary package
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 2.1.0-9
- Fix the source archive name
* Fri Sep 19 2025 Python Maint <[email protected]> - 2.1.0-7
- Rebuilt for Python 3.14.0rc3 bytecode
* Fri Aug 15 2025 Python Maint <[email protected]> - 2.1.0-6
- Rebuilt for Python 3.14.0rc2 bytecode
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
2.1.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jun 2 2025 Python Maint <[email protected]> - 2.1.0-4
- Rebuilt for Python 3.14
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2405588 - python-setuptools-git-versioning python3dist provides
are incorrect
https://bugzilla.redhat.com/show_bug.cgi?id=2405588
--------------------------------------------------------------------------------
================================================================================
ruff-0.14.1-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Extremely fast Python linter and code formatter
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.14.1-1
- Update to 0.14.1 (close RHBZ#2360699)
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.14.0-2
- Skip salsaâs execute_cancellation tests on all architectures
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.14.0-1
- Update to 0.14.0
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.13.3-1
- Update to 0.13.3
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.13.2-1
- Update to 0.13.2
* Thu Oct 16 2025 Gordon Messmer <[email protected]> - 0.12.1-2
- Use rpm's native resource tunable to limit parallelism.
* Wed Sep 24 2025 Benjamin A. Beasley <[email protected]> - 0.12.1-1
- Update to 0.12.1
* Wed Sep 24 2025 Benjamin A. Beasley <[email protected]> - 0.12.0-1
- Update to 0.12.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-astral-tokio-tar-0.5.6-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Rust implementation of an async TAR file reader and writer
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 21 2025 Benjamin A. Beasley <[email protected]> - 0.5.6-1
- Update to version 0.5.6; Fixes RHBZ#2405351
- Security fix for CVE-2025-62518
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-attribute-derive-0.10.5-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Clap like parsing for attributes in proc-macros
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 15 2025 Benjamin A. Beasley <[email protected]> - 0.10.5-1
- Initial package (close RHBZ#2398133)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-attribute-derive-macro-0.10.5-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Clap for proc macro attributes
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 11 2025 Benjamin A. Beasley <[email protected]> - 0.10.5-1
- Initial package (close RHBZ#2398120)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-backon-1.5.2-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Make retry like a built-in feature provided by Rust
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 21 2025 Benjamin A. Beasley <[email protected]> - 1.5.2-2
- Drop unnecessary sqlx dev-dependency
* Wed Jul 30 2025 Fabio Valentini <[email protected]> - 1.5.2-1
- Update to version 1.5.2; Fixes RHBZ#2384769
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jun 19 2025 Fabio Valentini <[email protected]> - 1.5.1-1
- Update to version 1.5.1
* Wed Apr 23 2025 Fabio Valentini <[email protected]> - 1.5.0-3
- Drop WASM-specific features
* Tue Apr 22 2025 Fabio Valentini <[email protected]> - 1.5.0-2
- Fix invalid rust2rpm.toml, regenerate spec, relax spin dependency
* Sun Apr 20 2025 Andreas Schneider <[email protected]> - 1.5.0-1
- New package version 1.5.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-basic-toml-0.1.10-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Minimal TOML library with few dependencies
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.1.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Mar 3 2025 Fabio Valentini <[email protected]> - 0.1.10-1
- Update to version 0.1.10; Fixes RHBZ#2349381
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.1.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.1.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Thu Apr 25 2024 Fabio Valentini <[email protected]> - 0.1.9-1
- Update to version 0.1.9; Fixes RHBZ#2269097
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.1.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jan 3 2024 Fabio Valentini <[email protected]> - 0.1.8-1
- Update to version 0.1.8; Fixes RHBZ#2256493
* Sun Nov 12 2023 Fabio Valentini <[email protected]> - 0.1.7-1
- Update to version 0.1.7; Fixes RHBZ#2246261
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-collection_literals-1.0.3-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Easy-to-use macros for initializing any collection
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 1 2025 Benjamin A. Beasley <[email protected]> - 1.0.3-1
- Update to version 1.0.3; Fixes RHBZ#2400587
- Upstream now provides a LICENSE file
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 1.0.2-1
- Initial package (close RHBZ#2398064)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-csv-1.4.0-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Fast CSV parsing with support for serde
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.4.0-1
- Update to version 1.4.0; Fixes RHBZ#2404706
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
1.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-csv-core-0.1.13-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Bare bones CSV parsing with no_std support
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.1.13-1
- Update to version 0.1.13; Fixes RHBZ#2404707
--------------------------------------------------------------------------------
================================================================================
rust-derive_more-2.0.1-3.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Adds #[derive(x)] macros for more traits
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
2.0.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Mar 25 2025 Fabio Valentini <[email protected]> - 2.0.1-2
- Skip three tests that fail on big-endian architectures
* Sat Mar 22 2025 Fabio Valentini <[email protected]> - 2.0.1-1
- Update to version 2.0.1; Fixes RHBZ#2343601
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
1.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Mon Sep 2 2024 Fabio Valentini <[email protected]> - 1.0.0-1
- Update to version 1.0.0; Fixes RHBZ#2303544
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.99.17-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.99.17-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Aug 5 2023 Fabio Valentini <[email protected]> - 0.99.17-6
- Regenerate with rust2rpm v24
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-derive_more-impl-2.0.1-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Internal implementation of derive_more crate
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
2.0.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sat Mar 22 2025 Fabio Valentini <[email protected]> - 2.0.1-1
- Update to version 2.0.1; Fixes RHBZ#2343600
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
1.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sun Sep 8 2024 Fabio Valentini <[email protected]> - 1.0.0-1
- Initial import (#2309192)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-dlv-list-0.5.2-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Semi-doubly linked list implemented using a vector
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Fri May 2 2025 Cristian Le <[email protected]> - 0.5.2-1
- Update to version 0.5.2; Fixes RHBZ#1989392
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.3.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.3.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.3.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-dotenv-0.15.0-16.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Dotenv implementation for Rust
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.15.0-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.15.0-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Sep 13 2024 Fabio Valentini <[email protected]> - 0.15.0-14
- Remove reference to readme file that is not included in published crates
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.15.0-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.15.0-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-get-size-derive2-0.7.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Derives the GetSize trait
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.7.0-1
- Initial package (close RHBZ#2398141)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-get-size2-0.7.0-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Determine the size in bytes an object occupies inside RAM
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.7.0-2
- Add missing rust2rpm.toml file
* Mon Oct 20 2025 Benjamin A. Beasley <[email protected]> - 0.7.0-1
- Initial package (close RHBZ#2398235)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-indoc-2.0.7-1.el10_2 (FEDORA-EPEL-2025-b68d1354ff)
Indented document literals
--------------------------------------------------------------------------------
Update Information:
Update to version 2.0.7.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 2.0.7-1
- Update to version 2.0.7; Fixes RHBZ#2405429
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
2.0.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-insta-1.43.2-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Snapshot testing library for Rust
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.43.2-1
- Update to version 1.43.2; Fixes RHBZ#2393320
--------------------------------------------------------------------------------
================================================================================
rust-interpolator-0.5.0-3.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Runtime format strings, fully compatible with std's macros
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 4 2025 Benjamin A. Beasley <[email protected]> - 0.5.0-3
- Omit some unnecessary dev-dependencies
* Sat Oct 4 2025 Benjamin A. Beasley <[email protected]> - 0.5.0-2
- No longer allow proptest-derive 0.5
* Thu Oct 2 2025 Benjamin A. Beasley <[email protected]> - 0.5.0-1
- Initial package (close RHBZ#2398112)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-intrusive-collections-0.9.7-3.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Intrusive collections for Rust (linked list and red-black tree)
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.9.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.9.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Tue Sep 17 2024 Fabio Valentini <[email protected]> - 0.9.7-1
- Update to version 0.9.7; Fixes RHBZ#2310229
* Fri Jul 19 2024 Fedora Release Engineering <[email protected]> -
0.9.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed Jul 10 2024 Oliver Steffen <[email protected]> - 0.9.6-1
- Initial import (fedora#2290692).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-macro_rules_attribute-0.2.2-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Use declarative macros in attribute or derive position
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jun 10 2025 Alexander F. Lent <[email protected]> - 0.2.2-1
- Initial Import (rhbz#2358542).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-macro_rules_attribute-proc_macro-0.2.2-2.el10_2
(FEDORA-EPEL-2025-d12b62c436)
Use declarative macros as proc_macro attributes or derives
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jun 3 2025 Alexander F. Lent <[email protected]> - 0.2.2-1
- Update macro_rules_attribute-proc_macro to 0.2.2
* Tue Jun 3 2025 Alexander F. Lent <[email protected]> - 0.2.0-1
- Initial Import (rhbz#2358541).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-manyhow-0.11.4-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Proc macro error handling à la anyhow x proc-macro-error
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 4 2025 Benjamin A. Beasley <[email protected]> - 0.11.4-1
- Initial package (close RHBZ#2398062)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-manyhow-macros-0.11.4-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Macro for manyhow
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2025 Benjamin A. Beasley <[email protected]> - 0.11.4-1
- Initial package (close RHBZ#2398059)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-memmap2-0.9.9-1.el10_2 (FEDORA-EPEL-2025-4a99bd7256)
Cross-platform Rust API for memory-mapped file IO
--------------------------------------------------------------------------------
Update Information:
Update to version 0.9.9.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.9.9-1
- Update to version 0.9.9; Fixes RHBZ#2405355
--------------------------------------------------------------------------------
================================================================================
rust-ordered-multimap-0.7.3-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Insertion ordered multimap
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.7.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu May 1 2025 Cristian Le <[email protected]> - 0.7.3-1
- Update to version 0.7.3; Fixes RHBZ#1976416
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.4.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
0.4.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.4.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-pest-2.8.3-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Elegant Parser
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 2.8.3-1
- Update to version 2.8.3; Fixes RHBZ#2394785
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
2.8.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-pest_derive-2.8.3-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Pest's derive macro
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 2.8.3-1
- Update to version 2.8.3; Fixes RHBZ#2394786
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
2.8.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-pest_generator-2.8.3-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Pest code generator
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 2.8.3-1
- Update to version 2.8.3; Fixes RHBZ#2394787
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
2.8.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-pest_meta-2.8.3-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Pest meta language parser and validator
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 2.8.3-1
- Update to version 2.8.3; Fixes RHBZ#2394788
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
2.8.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-phf-0.12.1-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Runtime support for perfect hash function data structures
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2025 Fabio Valentini <[email protected]> - 0.12.1-1
- Update to version 0.12.1
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.11.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-phf0.11-0.11.3-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Runtime support for perfect hash function data structures
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.11.3-1
- Initial import (phf 0.11 compat package)
--------------------------------------------------------------------------------
================================================================================
rust-phf_codegen-0.12.1-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Codegen library for PHF types
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2025 Fabio Valentini <[email protected]> - 0.12.1-1
- Update to version 0.12.1
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.11.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-phf_codegen0.11-0.11.3-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Codegen library for PHF types
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.11.3-1
- Initial import (phf_codegen 0.11 compat package)
--------------------------------------------------------------------------------
================================================================================
rust-phf_generator-0.12.1-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
PHF generation logic
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2025 Fabio Valentini <[email protected]> - 0.12.1-1
- Update to version 0.12.1
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.11.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-phf_generator0.11-0.11.3-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
PHF generation logic
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.11.3-1
- Initial import (phf_generator 0.11 compat package)
--------------------------------------------------------------------------------
================================================================================
rust-phf_macros-0.12.1-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Macros to generate types in the phf crate
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2025 Fabio Valentini <[email protected]> - 0.12.1-1
- Update to version 0.12.1
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.11.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-phf_macros0.11-0.11.3-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Macros to generate types in the phf crate
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.11.3-1
- Initial import (phf_macros 0.11 compat package)
--------------------------------------------------------------------------------
================================================================================
rust-phf_shared-0.12.1-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Support code shared by PHF libraries
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2025 Fabio Valentini <[email protected]> - 0.12.1-1
- Update to version 0.12.1
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.11.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-phf_shared0.11-0.11.3-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Support code shared by PHF libraries
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.11.3-1
- Initial import (phf_shared 0.11 compat package)
--------------------------------------------------------------------------------
================================================================================
rust-proc-macro-utils-0.10.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Low-level utilities on proc-macro and proc-macro2 types
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.10.0-1
- Initial package (close RHBZ#2398050)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-proc-macro2-1.0.102-1.el10_2 (FEDORA-EPEL-2025-196c3ea9da)
Substitute implementation of the Rust compiler's proc_macro API
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.102.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.0.102-1
- Update to version 1.0.102; Fixes RHBZ#2405955
--------------------------------------------------------------------------------
================================================================================
rust-proptest-1.8.0-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Hypothesis-like property-based testing and shrinking
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.8.0-1
- Update to version 1.8.0; Fixes RHBZ#2397094
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.7.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-proptest-macro-0.3.1-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Procedural macros for the proptest crate
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.3.1-1
- Update to version 0.3.1; Fixes RHBZ#2397095
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-python-pkginfo-0.6.6-1.el10_2 (FEDORA-EPEL-2025-a0301ce62d)
Parse Python package metadata from sdist and bdists and etc
--------------------------------------------------------------------------------
Update Information:
Update to version 0.6.6.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.6.6-1
- Update to version 0.6.6; Fixes RHBZ#2405106
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.6.5-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-quote-use-0.8.4-2.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Support use in procmacros hygienically
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 7 2025 Benjamin A. Beasley <[email protected]> - 0.8.4-2
- Omit several unused dev-dependencies
* Sat Oct 4 2025 Benjamin A. Beasley <[email protected]> - 0.8.4-1
- Initial package (close RHBZ#2398057)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-quote-use-macros-0.8.4-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Support use in procmacros hygienically
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2025 Benjamin A. Beasley <[email protected]> - 0.8.4-1
- Initial package (close RHBZ#2398054)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-ref-cast-1.0.25-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Safely cast &T to &U where the struct U contains a single field of type T
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.0.25-1
- Update to version 1.0.25; Fixes RHBZ#2400028
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.0.24-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-ref-cast-impl-1.0.25-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Derive implementation for ref_cast::RefCast
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.0.25-1
- Update to version 1.0.25; Fixes RHBZ#2400029
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.0.24-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-0.17.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Signing HTTP requests for popular cloud services
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.17.0-1
- Initial package (close RHBZ#2400218)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-aws-v4-1.0.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Signing API requests without effort
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 11 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400195)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-command-execute-tokio-1.0.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Tokio-based command execution implementation for reqsign
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400111)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-core-1.0.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Signing API requests without effort
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400096)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-file-read-tokio-1.0.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Signing API requests without effort
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 8 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400101)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-reqsign-http-send-reqwest-1.0.0-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Signing API requests without effort
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2025 Benjamin A. Beasley <[email protected]> - 1.0.0-1
- Initial package (close RHBZ#2400100)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-rust-ini-0.21.3-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Ini configuration file parsing library in Rust
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Fabio Valentini <[email protected]> - 0.21.3-1
- Update to version 0.21.3; Fixes RHBZ#2392154
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.21.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue Jul 8 2025 Fabio Valentini <[email protected]> - 0.21.2-1
- Update to version 0.21.2; Fixes RHBZ#2375939
* Thu May 1 2025 Cristian Le <[email protected]> - 0.21.1-1
- Update to version 0.21.1; Fixes RHBZ#2193253
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.18.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
0.18.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.18.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-rust_decimal-1.39.0-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Decimal number implementation written in pure Rust
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.39.0-1
- Update to version 1.39.0; Fixes RHBZ#2395075
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.37.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-rust_decimal_macros-1.39.0-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Shorthand macros to assist creating Decimal types
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.39.0-1
- Update to version 1.39.0; Fixes RHBZ#2395074
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.37.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-serde-1.0.228-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Generic serialization/deserialization framework
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.0.228-1
- Update to version 1.0.228; Fixes RHBZ#2397127
--------------------------------------------------------------------------------
================================================================================
rust-serde_core-1.0.228-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Serde traits
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.0.228-1
- Update to version 1.0.228; Fixes RHBZ#2397130
--------------------------------------------------------------------------------
================================================================================
rust-serde_derive-1.0.228-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Macros 1.1 implementation of #[derive(Serialize, Deserialize)]
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.0.228-1
- Update to version 1.0.228; Fixes RHBZ#2397128
--------------------------------------------------------------------------------
================================================================================
rust-snafu-0.8.9-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Ergonomic error handling library
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.8.9-1
- Update to version 0.8.9; Fixes RHBZ#2389908
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.8.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-snafu-derive-0.8.9-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Ergonomic error handling library
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.8.9-1
- Update to version 0.8.9; Fixes RHBZ#2389909
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.8.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-strum-0.27.2-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Helpful macros for working with enums and strings
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.27.2-1
- Update to version 0.27.2; Fixes RHBZ#2382095
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.27.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-strum_macros-0.27.2-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Helpful macros for working with enums and strings
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.27.2-1
- Update to version 0.27.2; Fixes RHBZ#2382096
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.27.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-tikv-jemalloc-sys-0.6.1-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Rust FFI bindings to jemalloc
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2025 Benjamin A. Beasley <[email protected]> - 0.6.1-1
- Update to version 0.6.1
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-tikv-jemallocator-0.6.1-1.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Rust allocator backed by jemalloc
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2025 Benjamin A. Beasley <[email protected]> - 0.6.1-1
- Update to version 0.6.1; Fixes RHBZ#2404523
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-trybuild2-1.2.0-5.el10_2 (FEDORA-EPEL-2025-d12b62c436)
Test harness for ui tests of compiler diagnostics
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
1.2.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
1.2.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
1.2.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sat Jan 27 2024 Fedora Release Engineering <[email protected]> -
1.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jan 11 2024 Fabio Valentini <[email protected]> - 1.2.0-1
- Update to version 1.2.0; Fixes RHBZ#2253010
* Thu Jul 27 2023 Fabio Valentini <[email protected]> - 1.1.0-1
- Update to version 1.1.0; Fixes RHBZ#2224729
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
================================================================================
rust-typetag-0.2.21-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Serde serializable and deserializable trait objects
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.2.21-1
- Update to version 0.2.21; Fixes RHBZ#2400030
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.2.20-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-typetag-impl-0.2.21-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Implementation detail of the typetag crate
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.2.21-1
- Update to version 0.2.21; Fixes RHBZ#2400031
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.2.20-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-unicode-ident-1.0.20-1.el10_2 (FEDORA-EPEL-2025-9fd7864697)
Determine whether characters have the XID_Start or XID_Continue properties
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.20.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 1.0.20-1
- Update to version 1.0.20; Fixes RHBZ#2405296
--------------------------------------------------------------------------------
================================================================================
rust-zbus-5.12.0-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
API for D-Bus communication
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 5.12.0-1
- Update to version 5.12.0; Fixes RHBZ#2394033
--------------------------------------------------------------------------------
================================================================================
rust-zbus_macros-5.12.0-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Proc-macros for zbus
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 5.12.0-1
- Update to version 5.12.0; Fixes RHBZ#2394034
--------------------------------------------------------------------------------
================================================================================
rust-zerocopy-0.8.27-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Makes zero-cost memory manipulation effortless
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.8.27-1
- Update to version 0.8.27; Fixes RHBZ#2393699
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.8.26-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-zerocopy-derive-0.8.27-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
Custom derive for traits from the zerocopy crate
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 0.8.27-1
- Update to version 0.8.27; Fixes RHBZ#2393698
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.8.26-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rust-zvariant-5.8.0-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
D-Bus & GVariant encoding & decoding
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 5.8.0-1
- Update to version 5.8.0; Fixes RHBZ#2404210
--------------------------------------------------------------------------------
================================================================================
rust-zvariant_derive-5.8.0-1.el10_2 (FEDORA-EPEL-2025-27935b94f1)
D-Bus & GVariant encoding & decoding
--------------------------------------------------------------------------------
Update Information:
Batch update for various Rust crates.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Fabio Valentini <[email protected]> - 5.8.0-1
- Update to version 5.8.0; Fixes RHBZ#2404213
--------------------------------------------------------------------------------
================================================================================
sundials-7.5.0-2.el10_2 (FEDORA-EPEL-2025-7e69d51408)
Suite of nonlinear solvers
--------------------------------------------------------------------------------
Update Information:
New packages
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 22 2025 Antonio Trande <[email protected]> - 7.5.0-2
- Fix lib nevcpetsc installation
* Thu Oct 16 2025 Antonio Trande <[email protected]> - 7.5.0-1
- Release 7.5.0
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
7.3.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jul 20 2025 Antonio Trande <[email protected]> - 7.3.0-3
- Fix rhbz#2381140
* Fri May 9 2025 Yaakov Selkowitz <[email protected]> - 7.3.0-2
- Fix flatpak build
* Sun Apr 27 2025 Antonio Trande <[email protected]> - 7.3.0-1
- Release 7.3.0
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
7.1.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Fri Dec 20 2024 Antonio Trande <[email protected]> - 7.1.1-2
- Install sundials_futils.h file
* Fri Dec 20 2024 Antonio Trande <[email protected]> - 7.1.1-1
- Release 7.1.1
* Sun Nov 10 2024 Songsong Zhang <[email protected]> - 6.7.0-5
- Add SuperLUMT BuildRequires for RISC-V
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
6.7.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Mon May 20 2024 Antonio Trande <[email protected]> - 6.7.0-3
- Rebuild for SuperLUMT-4.0.1
* Tue Apr 23 2024 David Bold <[email protected]> - 6.7.0-2
- Only the -devel packages should pull in gcc
* Fri Mar 1 2024 Antonio Trande <[email protected]> - 6.7.0-1
- Release 6.7.0
* Sun Feb 4 2024 Orion Poplawski <[email protected]> - 6.6.2-7
- Rebuild with suitesparse 7.6.0
* Sat Jan 27 2024 Fedora Release Engineering <[email protected]> -
6.6.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Antonio Trande <[email protected]> - 6.6.2-5
- Fix Obsoletes tag
* Fri Jan 19 2024 Antonio Trande <[email protected]> - 6.6.2-4
- Fix rhbz#2258767
* Sat Nov 11 2023 Orion Poplawski <[email protected]> - 6.6.2-3
- Apply upstream patch to fix sonames
* Wed Nov 8 2023 Antonio Trande <[email protected]> - 6.6.2-2
- Disable openmpi builds in i686 architecture
* Wed Nov 8 2023 Antonio Trande <[email protected]> - 6.6.2-1
- Release 6.6.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2391476 - Please branch and build sundials for EPEL 10/10.1/10.0
https://bugzilla.redhat.com/show_bug.cgi?id=2391476
[ 2 ] Bug #2401012 - Please branch and build SuperLUMT in
epel10/epel10.1/epel10.0
https://bugzilla.redhat.com/show_bug.cgi?id=2401012
--------------------------------------------------------------------------------
================================================================================
uv-0.8.24-3.el10_2 (FEDORA-EPEL-2025-d12b62c436)
An extremely fast Python package installer and resolver, written in Rust
--------------------------------------------------------------------------------
Update Information:
uv 0.8.24
https://github.com/astral-sh/uv/blob/0.8.24/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.1
https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial packages for a number of new dependencies for ruff and uv, and initial
EPEL10 packages for a few of their dependencies.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley <[email protected]> - 0.8.24-3
- Revert "Allow hashbrown 0.15 (for EPEL10.1)"
* Thu Oct 23 2025 Benjamin A. Beasley <[email protected]> - 0.8.24-2
- Allow hashbrown 0.15 (for EPEL10.1)
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.8.24-1
- Update to 0.8.24
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.8.23-1
- Update to 0.8.23
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.8.22-1
- Update to 0.8.22
* Wed Oct 22 2025 Benjamin A. Beasley <[email protected]> - 0.8.21-1
- Update to 0.8.21
* Thu Oct 16 2025 Gordon Messmer <[email protected]> - 0.8.20-2
- Use rpm's native resource tunable to limit parallelism.
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.8.20-1
- Update to 0.8.20 (close RHBZ#2389326)
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.8.19-1
- Update to 0.8.19
* Mon Sep 29 2025 Benjamin A. Beasley <[email protected]> - 0.8.18-1
- Update to 0.8.18
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.17-1
- Update to 0.8.17
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.16-1
- Update to 0.8.16
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.15-1
- Update to 0.8.15
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.14-1
- Update to 0.8.14
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.13-1
- Update to 0.8.13
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.12-1
- Update to 0.8.12
* Sun Sep 28 2025 Benjamin A. Beasley <[email protected]> - 0.8.11-5
- Use the bundled reqwest-middleware, too
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2405468 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar
Vulnerable to PAX Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405468
[ 3 ] Bug #2405469 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX
Header Desynchronization [epel-10]
https://bugzilla.redhat.com/show_bug.cgi?id=2405469
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
