The following Fedora EPEL 9 Security updates need testing:
Age URL
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-5d9511ad6e
prometheus-podman-exporter-1.11.0-1.el9
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-3e437ee2d0
pandoc-2.14.0.3-17.el9 patat-0.8.7.0-4.el9
6
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-1e7f709e59
suricata-6.0.17-1.el9
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-5e764f8789
opensmtpd-7.4.0p1-1.el9
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-24aceec24b
chromium-123.0.6312.58-1.el9
1
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-e2cad98fb0
tinyxml-2.6.2-28.el9
The following builds have been pushed to Fedora EPEL 9 updates-testing
3proxy-0.9.4-4.el9
distrobox-1.7.1-2.el9
fossil-2.23-3.el9
libopenmpt-0.7.6-1.el9
neomutt-20240329-1.el9
python-wsgidav-4.3.2-1.el9
pythoncapi-compat-0^20240328gitd16872a-1.el9
rust-selinux-sys-0.6.9-1.el9
verilator-5.022-1.el9
Details about builds:
================================================================================
3proxy-0.9.4-4.el9 (FEDORA-EPEL-2024-5fe51d2b65)
Tiny but very powerful proxy
--------------------------------------------------------------------------------
Update Information:
Adapt manpages to reflect renamed proxy binary (fixes rhbz#2271587)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 29 2024 Tim Semeijn <tim(a)goat.re> - 0.9.4-4
- Adapt manpages to reflect renamed proxy binary (fixes rhbz#2271587)
--------------------------------------------------------------------------------
================================================================================
distrobox-1.7.1-2.el9 (FEDORA-EPEL-2024-a3fef77779)
Another tool for containerized command line environments on Linux
--------------------------------------------------------------------------------
Update Information:
Added distrobox-host-exec to mangle_shebangs_exclude as per BZ#2271765
Update to 1.7.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 29 2024 Alessio <alciregi(a)fedoraproject.org> - 1.7.1-2
- Added distrobox-host-exec to mangle_shebangs_exclude as per BZ#2271765
* Mon Mar 25 2024 Alessio <alciregi(a)fedoraproject.org> - 1.7.1-1
- Update to 1.7.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2271765 - Exclude distrobox-host-exec from shebang mangling
https://bugzilla.redhat.com/show_bug.cgi?id=2271765
--------------------------------------------------------------------------------
================================================================================
fossil-2.23-3.el9 (FEDORA-EPEL-2024-ca0d836ac4)
A distributed SCM with bug tracking and wiki
--------------------------------------------------------------------------------
Update Information:
Add to EPEL
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 24 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.23-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.23-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Nov 5 2023 Sheng Mao <shngmao(a)gmail.com> - 2.23-1
- Fossil upstream update: 2.23 (2023-11-01)
* Wed Jul 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.22-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Sat Jun 3 2023 Jonathan Schleifer <js(a)nil.im> - 2.22-1
- New upstream release 2.22
* Thu Jan 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.20-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sun Jul 24 2022 Sheng Mao <shngmao(a)gmail.com> - 2.19-1
- New upstream release 2.19
* Thu Feb 24 2022 Dan ��erm��k <dan.cermak(a)cgc-instruments.com> - 2.18-1
- New upstream release 2.18
--------------------------------------------------------------------------------
================================================================================
libopenmpt-0.7.6-1.el9 (FEDORA-EPEL-2024-8526776b15)
C/C++ library to decode tracker music module (MOD) files
--------------------------------------------------------------------------------
Update Information:
libopenmpt 0.7.6 (2024-03-24)
[Sec] Potential heap out-of-bounds read or write past sample end with malformed
sustain loops in SymMOD files (r20420).
MED: Transposed samples were playing too low in some files (e.g. mix94.mmd1).
OKT: Some files with garbage at the end were rejected (e.g. katharsis - piano
lesson.okta).
Compressor DMO: It was possible that the plugin would not behave as intended at
mix rates above 500 kHz.
Avoid re-allocating the loop state map contents on every playthrough of the
module.
libopenmpt 0.7.5 (2024-03-17)
[Sec] Null-pointer write (32bit platforms) or excessive memory allocation (64bit
platforms) when reading close to 4GiB of data from unseekable files (r20336,
r20338).
[Sec] Write buffer overflow when reading unseekable files close to 4GiB in size
(r20339).
[Sec] Possible out-of-memory (32bit platforms) or excessive memory allocation
(64bit platforms) when reading malformed data from unseekable files (r20340).
[Sec] DMF: Possible null-pointer write or excessive memory allocation when
reading DMF files (r20323).
IT: In the previous version, Zxx macros in IT files made with older MPT versions
were no longer working.
There was a periodic click when playing a module using the Chorus or Flanger DMO
plugin at a mix rate exceeding ~136.5 kHz.
An older bugfix for undefined behaviour in the Distortion DMO plugin was
incorrect, causing the distorted sound to be different in some situations.
xmp-openmpt: Metadata retrievel for playlist items was broken.
libopenmpt 0.7.4 (2024-03-03)
[Bug] Makefile: libopenmpt 0.7.3 broke running the test suite for Emscripten
builds.
openmpt123: openmpt123 now uses a narrower layout on terminal windows with a
width of less than 72 characters.
Setting all possible load_skip flags resulted in nothing being loaded at all,
instead of just not loading the selected module parts.
When playing all subsongs, set_position_seconds didn���t always calculate the
correct subsong to jump to.
IT: A few more compatibility flags are now disabled for modules saved with
earlier Schism Tracker versions.
IT: MIDI macros were reset in IT 2.14 / 2.15 files that declared to be
compatible with older IT versions (fixes spx-visionsofthepast.it).
OKT: Work around missing negative arpeggio implementation by transposing the
notes up an octave.
OKT: Channel volume commands were sometimes lost over less important effects.
IMF: Ignore magic bytes in sample header. ���Leaving All Behind��� by Karsten Koch
uses unexpected magic bytes, Orpheus ignores them just like the instrument
header magic bytes.
zlib: Update to v1.3.1 (2024-01-22).
mpg123: Update to v1.32.5 (2024-02-17).
pugixml: Update to v1.14 (2023-10-01).
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 29 2024 Michael Schwendt <mschwendt(a)fedoraproject.org> - 0.7.6-1
- update to 0.7.6
* Thu Jan 25 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.7.3-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.7.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2267561 - libopenmpt-0.7.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2267561
--------------------------------------------------------------------------------
================================================================================
neomutt-20240329-1.el9 (FEDORA-EPEL-2024-cccea915c5)
Text mode Mail Client
--------------------------------------------------------------------------------
Update Information:
This is a small Bug-Fix release.
Last week's release was faulty.
This one is much better.
Release Notes:
https://github.com/neomutt/neomutt/releases/tag/20240329
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 29 2024 Richard Russon <rich(a)flatcap.org> - 20240323-1
- Bug Fixes
- #4185 c441f5957 Fix memory leak in trash_append()
- #4189 Fix off-by-one error in %b with notmuch
- #4190 Zero-out mailbox counters on delete
- #4204 colour: honour the normal colour
- #4205 match folder-hook also against mailbox name (fixes #4201)
- wrap colour in <show-log-messages>
- history: fix saving file
- history: improve error message format
- Docs
- #4182 docs: -C: Fix some accidents
- #4188 Update oauth2 README
- #4193 Update oauth2 README
- fix typos, lots of tidying
- tidy license info
- Build
- #4196 use FreeBSD 14.0 in Cirrus CI
- actions: update cpu count
- actions: use codeql v3
- Code
- #4186 Buffer refactoring: make_entry()
- address: tidy config handling
- coverage: buf, slist
- graphviz: link labels
- tidy buf_strcpy() calls
- tidy char buffers
- test: default timezone to UTC
* Sat Mar 23 2024 Richard Russon <rich(a)flatcap.org> - 20240323-1
- Do NOT use this release
--------------------------------------------------------------------------------
================================================================================
python-wsgidav-4.3.2-1.el9 (FEDORA-EPEL-2024-dcb93b0489)
Generic and extendable WebDAV server based on WSGI
--------------------------------------------------------------------------------
Update Information:
4.3.2 / 2024-03-29
Fix
https://github.com/mar10/wsgidav/issues/318, release 4.3.1 uses an etree.XML
keyword not supported by lxml
4.3.1 / 2024-03-24
New option suppress_version_info to suppress WsgiDAV's version info in responses
(default: false).
--root argument honors fs_dav_provider configuration.
_DAVResource should have is_link() method to avoid dir_browser issues.
remove defusedxml dependency.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 29 2024 Packit <hello(a)packit.dev> - 4.3.2-1
- [packit] 4.3.2 upstream release
- Resolves rhbz#2271268
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2271268 - python-wsgidav-4.3.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2271268
--------------------------------------------------------------------------------
================================================================================
pythoncapi-compat-0^20240328gitd16872a-1.el9 (FEDORA-EPEL-2024-025789d5ab)
Python C API compatibility
--------------------------------------------------------------------------------
Update Information:
Update to 0^20240328gitd16872a: Fix test_unicode()
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 29 2024 Benjamin A. Beasley <code(a)musicinmybrain.net> -
0^20240328gitd16872a-1
- Update to 0^20240328gitd16872a
- Fix test_unicode()
* Fri Mar 29 2024 Benjamin A. Beasley <code(a)musicinmybrain.net> -
0^20240321gitb16ff9a-2
- Add an rpmlintrc file
--------------------------------------------------------------------------------
================================================================================
rust-selinux-sys-0.6.9-1.el9 (FEDORA-EPEL-2024-ec9804403d)
Flexible Mandatory Access Control (MAC) for Linux
--------------------------------------------------------------------------------
Update Information:
Update to 0.6.9
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 29 2024 Michel Lind <salimma(a)fedoraproject.org> - 0.6.9-1
- Update to 0.6.9 (rhbz#2271953)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2271953 - rust-selinux-sys-0.6.9 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2271953
--------------------------------------------------------------------------------
================================================================================
verilator-5.022-1.el9 (FEDORA-EPEL-2024-f44825047a)
A fast simulator for synthesizable Verilog
--------------------------------------------------------------------------------
Update Information:
Update to 5.022
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 28 2024 Nolan Poe <npgo22(a)gmail.com> - 5.022-1
- Update to 5.022 - Fix SPDX License identifier - Add CMake for tests - Fix
runtime dependency check - Fix runtime version checck - Fix
multithreading bug that causes spurious failures - Default to using
tcmalloc
* Sun Feb 18 2024 Filipe Rosset <rosset.filipe(a)gmail.com> - 5.020-1
- update verilator to 5.020 fixes rhbz#2239297
* Sat Jan 27 2024 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.014-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Sep 9 2023 Filipe Rosset <rosset.filipe(a)gmail.com> - 5.014-2
- fix build requires
* Sat Sep 9 2023 Filipe Rosset <rosset.filipe(a)gmail.com> - 5.014-1
- update to verilator-5.014
* Sat Jul 22 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.226-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Sat Jan 21 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.226-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Sep 24 2022 Filipe Rosset <rosset.filipe(a)gmail.com> - 4.226-1
- Update to 4.226, enabled tests, spec cleanup and modernization
- Fixes rhbz#1933296 rhbz#2047099 and rhbz#2026957
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.108-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------