The following Fedora EPEL 9 Security updates need testing:
Age URL
21 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-9a55de96db
xpdf-4.06-1.el9
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-473cf23bc7
apptainer-1.4.5-2.el9
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-c15a630034
python3.13-3.13.11-1.el9
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-f43c018f46
python-django4.2-4.2.27-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
checkpointctl-1.4.1-1.el9
copr-cli-2.4-1.el9
python-copr-2.5-1.el9
python-copr-common-1.5-1.el9
python3-rpm-4.16.1.3-39.1.el9
rust-libz-rs-sys-0.5.4-1.el9
rust-probe-0.5.2-1.el9
rust-zlib-rs-0.5.4-1.el9
umoci-0.6.0-1.el9
zile-2.6.4-1.el9
Details about builds:
================================================================================
checkpointctl-1.4.1-1.el9 (FEDORA-EPEL-2025-b479f3bb28)
A command-line tool for in-depth analysis of container checkpoints
--------------------------------------------------------------------------------
Update Information:
Update checkpointctl to 1.4.1
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 10 2025 Adrian Reber <[email protected]> - 1:1.4.1-1
- Update checkpointctl to 1.4.1
* Fri Oct 10 2025 Alejandro Sáez <[email protected]> - 1:1.4.0-4
- rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2398981 - CVE-2025-47906 checkpointctl: Unexpected paths returned
from LookPath in os/exec [epel-9]
https://bugzilla.redhat.com/show_bug.cgi?id=2398981
[ 2 ] Bug #2412477 - CVE-2025-58183 checkpointctl: Unbounded allocation when
parsing GNU sparse map [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2412477
--------------------------------------------------------------------------------
================================================================================
copr-cli-2.4-1.el9 (FEDORA-EPEL-2025-da61b7813f)
Command line interface for COPR
--------------------------------------------------------------------------------
Update Information:
set of new copr packages
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 9 2025 Jiri Kyjovsky <[email protected]> 2.4-1
- Fix copr-cli download for Pulp projects
- Add API endpoint for generating a new token
- Add wildcard support for 'Packit allowed forge projects'
--------------------------------------------------------------------------------
================================================================================
python-copr-2.5-1.el9 (FEDORA-EPEL-2025-da61b7813f)
Python interface for Copr
--------------------------------------------------------------------------------
Update Information:
set of new copr packages
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 9 2025 Jiri Kyjovsky <[email protected]> 2.5-1
- Add API endpoint for generating a new token
- Make copr.v3.helpers.wait official part of API
--------------------------------------------------------------------------------
================================================================================
python-copr-common-1.5-1.el9 (FEDORA-EPEL-2025-da61b7813f)
Python code used by Copr
--------------------------------------------------------------------------------
Update Information:
set of new copr packages
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 9 2025 Jiri Kyjovsky <[email protected]> 1.5-1
- Send JSON data for PATCH requests
- Implement chunked uploads to Pulp
--------------------------------------------------------------------------------
================================================================================
python3-rpm-4.16.1.3-39.1.el9 (FEDORA-EPEL-2025-3cad3080d5)
Python 3.X packages with RPM bindings
--------------------------------------------------------------------------------
Update Information:
Sync with RPM version from RHEL / CentoOS Stream.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 20 2025 Michal Domonkos <[email protected]> - 4.16.1.3-39
- Allow an optional "override clock" for deterministic timestamps (RHEL-106672)
--------------------------------------------------------------------------------
================================================================================
rust-libz-rs-sys-0.5.4-1.el9 (FEDORA-EPEL-2025-886c76be5a)
Memory-safe zlib implementation written in rust
--------------------------------------------------------------------------------
Update Information:
https://github.com/trifectatechfoundation/zlib-rs/releases/tag/v0.5.4
https://github.com/trifectatechfoundation/zlib-rs/releases/tag/v0.5.3
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 10 2025 Benjamin A. Beasley <[email protected]> - 0.5.4-1
- Update to version 0.5.4; Fixes RHBZ#2420966
* Mon Dec 8 2025 Benjamin A. Beasley <[email protected]> - 0.5.3-1
- Update to version 0.5.3; Fixes RHBZ#2419267
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2419267 - rust-libz-rs-sys-0.5.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2419267
[ 2 ] Bug #2419340 - rust-zlib-rs-0.5.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2419340
[ 3 ] Bug #2420961 - rust-zlib-rs-0.5.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2420961
[ 4 ] Bug #2420966 - rust-libz-rs-sys-0.5.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2420966
--------------------------------------------------------------------------------
================================================================================
rust-probe-0.5.2-1.el9 (FEDORA-EPEL-2025-003aea1e24)
Static instrumentation probes
--------------------------------------------------------------------------------
Update Information:
upstream
see upstream changes: https://github.com/cuviper/probe-
rs/compare/v0.5.1...v0.5.2
packaging
s390x now enabled as inline assembly is now considered stable. ppc64le still
disabled
use rust2rpm.toml's new unsupported-arches feature. This means even on ppc64le
the package is still available, it's just not built/tested.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 10 2025 Michel Lind <[email protected]> - 0.5.2-1
- Update to version 0.5.2; Resolves: RHBZ#2413502
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
0.5.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
0.5.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
0.5.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Fri Jan 26 2024 Fedora Release Engineering <[email protected]> -
0.5.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2413502 - rust-probe-0.5.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2413502
--------------------------------------------------------------------------------
================================================================================
rust-zlib-rs-0.5.4-1.el9 (FEDORA-EPEL-2025-886c76be5a)
Memory-safe zlib implementation written in rust
--------------------------------------------------------------------------------
Update Information:
https://github.com/trifectatechfoundation/zlib-rs/releases/tag/v0.5.4
https://github.com/trifectatechfoundation/zlib-rs/releases/tag/v0.5.3
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 10 2025 Benjamin A. Beasley <[email protected]> - 0.5.4-1
- Update to version 0.5.4; Fixes RHBZ#2420961
* Mon Dec 8 2025 Benjamin A. Beasley <[email protected]> - 0.5.3-1
- Update to version 0.5.3; Fixes RHBZ#2419340
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2419267 - rust-libz-rs-sys-0.5.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2419267
[ 2 ] Bug #2419340 - rust-zlib-rs-0.5.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2419340
[ 3 ] Bug #2420961 - rust-zlib-rs-0.5.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2420961
[ 4 ] Bug #2420966 - rust-libz-rs-sys-0.5.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2420966
--------------------------------------------------------------------------------
================================================================================
umoci-0.6.0-1.el9 (FEDORA-EPEL-2025-f912c42f46)
Open Container Image manipulation tool
--------------------------------------------------------------------------------
Update Information:
New for epel9 and epel10.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 28 2025 Robby Callicotte <[email protected]> - 0.6.0-1
- Update to 0.6.0
* Fri Nov 28 2025 Robby Callicotte <[email protected]> - 0.5.0-1
- Initial package rhbz#2391155
--------------------------------------------------------------------------------
================================================================================
zile-2.6.4-1.el9 (FEDORA-EPEL-2025-6553a9da75)
Zile Is Lossy Emacs
--------------------------------------------------------------------------------
Update Information:
Noteworthy changes in release 2.6.4 (2025-03-15) [stable]
Bug fixes
This release fixes reading files larger than 2GB, and writing files where
the operating system divides the writing into multiple chunks (in
practice, probably also files longer than 2GB). Previously, the amount of
data read was subject to integer overflow, and the wrong data (both in
content and size) was written when it was written in multiple passes.
Iâve never had a bug report about this, but apologies to anyone who ran
into it!
Noteworthy changes in release 2.6.3 (2025-03-11) [stable]
Miscellaneous
This release fixes the build on systems that may need more replacements
libc functions than a typical GNU system, such as Microsoft Windows. There
are some minor updates to the build system.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 10 2025 Michel Lind <[email protected]> - 2.6.4-1
- Update to 2.6.4 upstream release
- Resolves: rhbz#2351408
* Fri Jul 25 2025 Fedora Release Engineering <[email protected]> -
2.6.2-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <[email protected]> -
2.6.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Thu Jul 25 2024 Miroslav Suchý <[email protected]> - 2.6.2-7
- convert license to SPDX
* Sat Jul 20 2024 Fedora Release Engineering <[email protected]> -
2.6.2-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2351408 - zile-2.6.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2351408
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
