[EPEL-devel] Re: Take the EPEL user and contributor survey 2023!
On Fri, 1 Sept 2023 at 16:03, Diego Herrera wrote: > Hello, everyone > > The Fedora EPEL SIG is asking for feedback to improve EPEL via this survey! > > * https://fedoraproject.limequery.com/2023 > > The link is incorrect and should be https://fedoraproject.limequery.com/epelsurvey2023 > The survey is targeting EPEL users and contributors. It asks about > how you use EPEL, how you contribute to it, and on what would you need > to improve that experience. > > If you're someone who uses or works on Extra Packages for Enterprise > Linux, > please participate. Survey closes at the end of September! > > Thank you for your contribution! > ___ > epel-devel mailing list -- epel-devel@lists.fedoraproject.org > To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > -- Stephen Smoogen, Red Hat Automotive Let us be kind to one another, for most of us are fighting a hard battle. -- Ian MacClaren ___ epel-devel mailing list -- epel-devel@lists.fedoraproject.org To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[EPEL-devel] Take the EPEL user and contributor survey 2023!
Hello, everyone The Fedora EPEL SIG is asking for feedback to improve EPEL via this survey! * https://fedoraproject.limequery.com/2023 The survey is targeting EPEL users and contributors. It asks about how you use EPEL, how you contribute to it, and on what would you need to improve that experience. If you're someone who uses or works on Extra Packages for Enterprise Linux, please participate. Survey closes at the end of September! Thank you for your contribution! ___ epel-devel mailing list -- epel-devel@lists.fedoraproject.org To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[EPEL-devel] Re: EPEL-ANNOUNCE incompatible update of caddy in EPEL 9
On Thu, Aug 24, 2023 at 1:44 AM Carl George wrote: > > I am performing an incompatible upgrade of the caddy package in EPEL > 9. In accordance with the incompatible upgrade policy [0], I proposed > this upgrade just over a week ago on the epel-devel mailing list [1]. > For reasons detailed in the previous email, it is no longer possible > to update the package at the current version, preventing me from > resolving known CVEs. Today the EPEL Steering Committee voted to > approve this upgrade [2]. > > This upgrade will take the package from version 2.4.6 to 2.6.4. This > includes a few backwards-incompatible changes. I believe these > changes are on the milder side, and most users shouldn't notice a > difference. Here are the most notable removals/changes: > > - Reverse proxy: Incoming X-Forwarded-* headers will no longer be > automatically trusted, to prevent spoofing. > - Logging: Removed the deprecated common_log field from HTTP access > logs, and the single_field encoder. > - Logging: The remote_addr field has been replaced by remote_ip and > remote_port fields in HTTP access logs, which split up the two parts > of the remote address. > - Caddyfile: The reverse_proxy directive's handle_response > subdirective has had its status replacement functionality moved to a > new replace_status subdirective. > > There are also a few additional changes to features labeled as > experimental, and some deprecations (not yet removed). For a full > list, see the upstream release notes [3][4]. > > If you are able, please test and provide karma for the update [5]. > > [0] > https://docs.fedoraproject.org/en-US/epel/epel-policy-incompatible-upgrades/ > [1] > https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org/thread/CDNDAKTIAQTFTNDHOIHKQJ4B2LAV5ZSS/ > [2] > https://meetbot.fedoraproject.org/fedora-meeting/2023-08-23/epel.2023-08-23-20.00.html > [3] https://github.com/caddyserver/caddy/releases/tag/v2.5.0 > [4] https://github.com/caddyserver/caddy/releases/tag/v2.6.0 > [5] https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-8849a14e7f > > -- > Carl George > ___ > epel-announce mailing list -- epel-annou...@lists.fedoraproject.org > To unsubscribe send an email to epel-announce-le...@lists.fedoraproject.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/epel-annou...@lists.fedoraproject.org > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue This update has been in the testing repo for the mandatory 1 week period. I am pushing it to stable now. -- Carl George ___ epel-devel mailing list -- epel-devel@lists.fedoraproject.org To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[EPEL-devel] Re: Incompatible security update for llhttp in EPEL9
I just pushed this update to stable. On 8/17/23 9:08 AM, Ben Beasley wrote: This email announces that the llhttp package in EPEL9 will be upgraded from 6.0.10 to 8.1.1[1], which breaks the ABI and bumps the SONAME version, as discussed[2] and approved[3] under the EPEL Incompatible Upgrades Policy[4]. At the same time, python-aiohttp will be upgraded from 3.8.4 to 3.8.5. Currently, only python-aiohttp depends on the llhttp package in EPEL9. This update fixes CVE-2023-30589[5]. Users of the python-aiohttp package, or of the various packages that depend on it, will benefit from this security fix but should not expect any incompatibilities or performance regressions. In the unlikely case that you are maintaining software that depends directly on the llhttp package, you will need to rebuild it due to the SONAME version bump. Breaking changes from 6.0.10 to 8.1.1 include a couple of HTTP parsing changes (“do not allow whitespaces after start line,” “require semicolon to start chunk parameters”) and one API change (“rename status code 509”). Most programs will not require source code changes. [1] https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-e2fcc4af81 [2] https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org/thread/DLJ4ILU6QHXN2YYHTHNTAF2ED6YRP23H/ [3] https://pagure.io/epel/issue/241 [4] https://docs.fedoraproject.org/en-US/epel/epel-policy-incompatible-upgrades/#process_for_incompatible_upgrades [5] https://access.redhat.com/security/cve/CVE-2023-30589 [4] https://github.com/advisories/GHSA-cggh-pq45-6h9x [5] https://github.com/aio-libs/aiohttp/security/advisories/GHSA-45c4-8wx5-qw6w ___ epel-devel mailing list -- epel-devel@lists.fedoraproject.org To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue