The following Fedora EPEL 9 Security updates need testing: Age URL 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-917679773c GitPython-3.1.32-1.el9 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-e2fcc4af81 llhttp-8.1.1-1.el9 python-aiohttp-3.8.5-1.el9 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-f08c8f0812 chromium-116.0.5845.96-1.el9 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-e2f8cb1ee1 clamav-1.0.2-1.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
ImageMagick-6.9.12.93-1.el9 arpwatch-3.3-12.el9 knot-resolver-5.7.0-1.el9 lagrange-1.16.7-1.el9 libcacard-2.8.1-6.el9 libicu50-50.2-5.el9 libpng12-1.2.57-18.el9 ntpsec-1.2.2a-1.el9 pcsc-tools-1.6.2-2.el9 php-pecl-mailparse-3.1.6-1.el9 python-mapbox-earcut-1.0.1-4.el9 rust-difftastic-0.50.0-2.el9 rust-libmimalloc-sys-0.1.33-1.el9 rust-mimalloc-0.1.37-1.el9
Details about builds:
================================================================================ ImageMagick-6.9.12.93-1.el9 (FEDORA-EPEL-2023-7a43301d55) An X application for displaying and manipulating images -------------------------------------------------------------------------------- Update Information:
Update ImageMagick to 6.9.12.93 -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 22 2023 S��rgio Basto sergio@serjux.com - 1:6.9.12.93-1 - Update ImageMagick to 6.9.12.93 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2208537 - CVE-2023-2157 ImageMagick: heap overflow vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=2208537 [ 2 ] Bug #2210659 - CVE-2023-34152 ImageMagick: RCE (shell command injection) vulnerability in OpenBlob with --enable-pipes configured https://bugzilla.redhat.com/show_bug.cgi?id=2210659 [ 3 ] Bug #2210660 - CVE-2023-34153 ImageMagick: Shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding https://bugzilla.redhat.com/show_bug.cgi?id=2210660 [ 4 ] Bug #2214148 - CVE-2023-34474 ImageMagick: heap-based buffer overflow in ReadTIM2ImageData() function in coders/tim2.c https://bugzilla.redhat.com/show_bug.cgi?id=2214148 [ 5 ] Bug #2214149 - CVE-2023-34475 ImageMagick: heap use-after-free issue in ReplaceXmpValue() function in MagickCore/profile.c. https://bugzilla.redhat.com/show_bug.cgi?id=2214149 --------------------------------------------------------------------------------
================================================================================ arpwatch-3.3-12.el9 (FEDORA-EPEL-2023-2440c48acd) Network monitoring tools for tracking IP addresses on a network -------------------------------------------------------------------------------- Update Information:
Generate ethercodes.dat from latest oui.csv -------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 21 2023 Benjamin A. Beasley code@musicinmybrain.net - 14:3.3-12 - Generate ethercodes.dat from latest oui.csv --------------------------------------------------------------------------------
================================================================================ knot-resolver-5.7.0-1.el9 (FEDORA-EPEL-2023-d970476232) Caching full DNS Resolver -------------------------------------------------------------------------------- Update Information:
Update to new upstream version 5.7.0 -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 22 2023 Jakub Ru��i��ka jakub.ruzicka@nic.cz - 5.7.0-1 - New upstream version 5.7.0 --------------------------------------------------------------------------------
================================================================================ lagrange-1.16.7-1.el9 (FEDORA-EPEL-2023-5cf0ee8dde) A Beautiful Gemini Client -------------------------------------------------------------------------------- Update Information:
- Zoomable input prompt text. - Option for silently following scheme-changing redirects. - Tab creation and closing follows common browser conventions. - Preferences: Moved cache/memory size settings under "Content". - Smarter page titling for windows/tabs. - Bug fixes: incorrect tab order at launch and with "Open in New Tabs"; handling Ctrl+L/���L when Upload dialog is open; hiding input prompt dialog when switching tabs; unresponsive text fields; parsing "hostname:port" in navbar; a couple of potential crashes. - (v1.16.1) Fixed AltGr key when entering text. - (v1.16.2) Set focus to navbar URL when opening a window. Fixed issues with shortening URLs by omitting the "gemini:" (now only done visually, as it should be). - (v1.16.3) Bug fixes: Trim pasted URLs; zooming vs. multiple windows; single-Emoji links not appearing; navbar URL text selection when switching tabs; mouse scrolling unfocused windows; (macOS) restoring correct window focus when app comes to foreground. - (v1.16.4) UI: improved context menu popup placement; improved tab closing order; center short titles in margin. Bug fixes: navbar URL selection; input prompt layout; input field update when blinking cursor disabled; stuck mouse button when opening context menu while dragging; incorrect behavior during/after window resizing. macOS: drag getting stuck when opening a context menu, potential window freezes while swiping. Windows: Updated SDL to 2.26.5. Linux: Updated AppImage's SDL to 2.26.5 built from source, fixing window behavior issues; the binary is still compiled on Ubuntu 18.04. TUI: Fixed build error. - (v1.16.5) Fixed a crash in the Flatpak build. Changed where new tabs are placed with the regular "New Tab" command. - (v1.16.6) Bug fixes: crash related to invalid UTF-8 on a link line; splitting long lines in input fields. - (v1.16.7) Fixed a couple of issues with streaming responses. -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 22 2023 Michel Alexandre Salim salimma@fedoraproject.org - 1.16.7-1 - Update to 1.16.7 * Thu Jul 20 2023 Fedora Release Engineering releng@fedoraproject.org - 1.15.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2179142 - lagrange-1.16.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=2179142 --------------------------------------------------------------------------------
================================================================================ libcacard-2.8.1-6.el9 (FEDORA-EPEL-2023-bc059c92be) CAC (Common Access Card) library -------------------------------------------------------------------------------- Update Information:
New package for EPEL9 -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 20 2023 Fedora Release Engineering releng@fedoraproject.org - 3:2.8.1-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Thu May 18 2023 Jakub Jelen jjelen@redhat.com - 2.8.1-5 - Sort certificates by ID * Thu Jan 19 2023 Fedora Release Engineering releng@fedoraproject.org - 3:2.8.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Thu Jul 21 2022 Fedora Release Engineering releng@fedoraproject.org - 3:2.8.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 3:2.8.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Mon Aug 16 2021 Jakub Jelen jjelen@redhat.com - 2.8.1-1 - New upstream release * Mon Aug 2 2021 Marc-Andr�� Lureau marcandre.lureau@redhat.com - 3:2.8.0-5.20210801gitcf6121deb4 - Fix UNKNOWN pkg-config version, rhbz#1989031 * Sun Aug 1 2021 Marc-Andr�� Lureau marcandre.lureau@redhat.com - 3:2.8.0-4.20210801gitcf6121deb4 - Update to git snapshot v2.8.0.22 - Fix FTBFS rhbz#1987641 * Thu Jul 22 2021 Fedora Release Engineering releng@fedoraproject.org - 3:2.8.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2233160 - Please branch and build libcacard in epel9 https://bugzilla.redhat.com/show_bug.cgi?id=2233160 --------------------------------------------------------------------------------
================================================================================ libicu50-50.2-5.el9 (FEDORA-EPEL-2023-88bf7b3af9) Compat package with icu libraries -------------------------------------------------------------------------------- Update Information:
Initial libicu50 package based on RHEL7's icu package. -------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 21 2023 Carl George carlwgeorge@fedoraproject.org - 50.2-5 - Initial libicu50 package based on RHEL7's icu package --------------------------------------------------------------------------------
================================================================================ libpng12-1.2.57-18.el9 (FEDORA-EPEL-2023-38b4893cf4) Old version of libpng, needed to run old binaries -------------------------------------------------------------------------------- Update Information:
first build for epel9 -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 20 2023 Fedora Release Engineering releng@fedoraproject.org - 1.2.57-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Thu Jan 19 2023 Fedora Release Engineering releng@fedoraproject.org - 1.2.57-17 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Thu Jul 21 2022 Fedora Release Engineering releng@fedoraproject.org - 1.2.57-16 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 1.2.57-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Thu Jul 22 2021 Fedora Release Engineering releng@fedoraproject.org - 1.2.57-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2233544 - Please branch and build libpng12 in epel9. https://bugzilla.redhat.com/show_bug.cgi?id=2233544 --------------------------------------------------------------------------------
================================================================================ ntpsec-1.2.2a-1.el9 (FEDORA-EPEL-2023-02f7139d40) NTP daemon and utilities -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2023-4012 (server crash after client request) -------------------------------------------------------------------------------- ChangeLog:
* Thu Aug 3 2023 Miroslav Lichvar mlichvar@redhat.com 1.2.2a-1 - update to 1.2.2a (CVE-2023-4012) * Thu Jul 20 2023 Fedora Release Engineering releng@fedoraproject.org - 1.2.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Wed Jun 14 2023 Python Maint python-maint@redhat.com - 1.2.2-3 - Rebuilt for Python 3.12 * Thu Jan 19 2023 Fedora Release Engineering releng@fedoraproject.org - 1.2.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Mon Jan 2 2023 Miroslav Lichvar mlichvar@redhat.com 1.2.2-1 - update to 1.2.2 * Fri Jul 22 2022 Fedora Release Engineering releng@fedoraproject.org - 1.2.1-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Mon Jun 13 2022 Python Maint python-maint@redhat.com - 1.2.1-8 - Rebuilt for Python 3.11 --------------------------------------------------------------------------------
================================================================================ pcsc-tools-1.6.2-2.el9 (FEDORA-EPEL-2023-ed0afd252f) Tools to be used with smart cards and PC/SC -------------------------------------------------------------------------------- Update Information:
New EPEL9 package -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 20 2023 Fedora Release Engineering releng@fedoraproject.org - 1.6.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Tue Jan 31 2023 Jakub Jelen jjelen@redhat.com - 1.6.2-1 - New upstream release (#2165783) * Thu Jan 19 2023 Fedora Release Engineering releng@fedoraproject.org - 1.6.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Mon Jan 2 2023 Jakub Jelen jjelen@redhat.com - 1.6.1-1 - New upstream release (#2156953) * Fri Jul 22 2022 Fedora Release Engineering releng@fedoraproject.org - 1.6.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Mon Jan 31 2022 Jakub Jelen jjelen@redhat.com - 1.6.0-1 - New upstream release (#2048150) * Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 1.5.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Mon Nov 8 2021 Jakub Jelen jjelen@redhat.com - 1.5.8-1 - New upstream release and updated smartcard list (#2020954) * Thu Jul 22 2021 Fedora Release Engineering releng@fedoraproject.org - 1.5.7-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ php-pecl-mailparse-3.1.6-1.el9 (FEDORA-EPEL-2023-dd6d05c445) PHP PECL package for parsing and working with email messages -------------------------------------------------------------------------------- Update Information:
**Version 3.1.6** - fix #29 Segmentation fault with ISO-2022-JP Subject header - fix #30 Segmentation fault with UTF-8 encoded X-MS-Iris-MetaData header - revert fix #81403 mailparse_rfc822_parse_addresses drops escaped quotes -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 22 2023 Remi Collet remi@remirepo.net - 3.1.6-1 - update to 3.1.6 --------------------------------------------------------------------------------
================================================================================ python-mapbox-earcut-1.0.1-4.el9 (FEDORA-EPEL-2023-fb11e5cf37) Python bindings to the mapbox earcut C++ library -------------------------------------------------------------------------------- Update Information:
Fix Python 3.9/3.11 conflict from pybind11-static BR ---- Fix FTBFS due to Python version confusion with pybind11 -------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 21 2023 Benjamin A. Beasley code@musicinmybrain.net - 1.0.1-4 - Fix Python 3.9/3.11 conflict from pybind11-static BR * Wed Aug 16 2023 Benjamin A. Beasley code@musicinmybrain.net - 1.0.1-3 - Drop BR on virtual Provides for header-only pybind11 - Fixes FTBFS due to a conflict between Python 3.9 and 3.11 pybind11 packages in EL9; the Python 3.11 one now appears to provide pybind11-static. --------------------------------------------------------------------------------
================================================================================ rust-difftastic-0.50.0-2.el9 (FEDORA-EPEL-2023-fda414e18d) Structural diff that understands syntax -------------------------------------------------------------------------------- Update Information:
### Conflicts Difftastic now supports parsing files with conflict markers, enabling you to diff the two conflicting file states. ``` $ difft file_with_conflicts.js ``` ### Parsing Updated Elixir, Erlang, Go, Kotlin and Racket parsers. ### Display Tweaked the colours on the file header, to make metadata less prominent. Improved styling of file rename information. Improved syntax hightling for Java built-in types. ### Diffing Fixed an issue with runaway memory usage when the two files input files had a large number of differences. -------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 21 2023 Michel Alexandre Salim salimma@fedoraproject.org - 0.50.0-2 - Fix typo on License field * Mon Aug 21 2023 Michel Alexandre Salim salimma@fedoraproject.org - 0.50.0-1 - Update to 0.50.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2232292 - rust-difftastic-0.50.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2232292 --------------------------------------------------------------------------------
================================================================================ rust-libmimalloc-sys-0.1.33-1.el9 (FEDORA-EPEL-2023-c61d8e91c3) Sys crate wrapping the mimalloc allocator -------------------------------------------------------------------------------- Update Information:
## 0.1.37 2023-04-24, v1.8.2, v2.1.2: - Fixes build issues on freeBSD, musl, and C17 (UE 5.1.1) - Reduce code size/complexity by removing regions and segment-cache's and only use arenas with improved memory purging -- this may improve memory usage as well for larger services. - Renamed options for consistency. - Improved Valgrind and ASAN checking. ## 0.1.36 Fixed platform- specific build errors from upstream -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 22 2023 Michel Alexandre Salim salimma@fedoraproject.org - 0.1.33-1 - Update to 0.1.33 * Fri Jul 21 2023 Fedora Release Engineering releng@fedoraproject.org - 0.1.30-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2183708 - rust-libmimalloc-sys-0.1.33 is available https://bugzilla.redhat.com/show_bug.cgi?id=2183708 [ 2 ] Bug #2183716 - rust-mimalloc-0.1.37 is available https://bugzilla.redhat.com/show_bug.cgi?id=2183716 --------------------------------------------------------------------------------
================================================================================ rust-mimalloc-0.1.37-1.el9 (FEDORA-EPEL-2023-c61d8e91c3) Performance and security oriented drop-in allocator -------------------------------------------------------------------------------- Update Information:
## 0.1.37 2023-04-24, v1.8.2, v2.1.2: - Fixes build issues on freeBSD, musl, and C17 (UE 5.1.1) - Reduce code size/complexity by removing regions and segment-cache's and only use arenas with improved memory purging -- this may improve memory usage as well for larger services. - Renamed options for consistency. - Improved Valgrind and ASAN checking. ## 0.1.36 Fixed platform- specific build errors from upstream -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 22 2023 Michel Alexandre Salim salimma@fedoraproject.org - 0.1.37-1 - Update to 0.1.37 * Fri Jul 21 2023 Fedora Release Engineering releng@fedoraproject.org - 0.1.32-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Fri Jan 20 2023 Fedora Release Engineering releng@fedoraproject.org - 0.1.32-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2183708 - rust-libmimalloc-sys-0.1.33 is available https://bugzilla.redhat.com/show_bug.cgi?id=2183708 [ 2 ] Bug #2183716 - rust-mimalloc-0.1.37 is available https://bugzilla.redhat.com/show_bug.cgi?id=2183716 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org