Incompatible update of llhttp in EPEL9


I have just submitted for testing https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-4b1b8b8b25, which updates llhttp from 8.1.1 to 9.1.3 in EPEL9. This is an ABI-incompatible update, and the SONAME version changes. There are also some minor API changes.

The only package in EPEL9 that uses llhttp is python-aiohttp, and the update also compatibly updates it from 3.8.5 to its latest release, 3.9.1.

Together, these updates fix a number of security issues, including CVE-2023-47627, CVE-2023-49081, and CVE-2023-49082.

A COPR impact check in https://copr.fedorainfracloud.org/coprs/music/aiohttp-epel9/ indicates there should be no impact on any dependent packages in EPEL9.

If you have software not packaged in EPEL9 that depends directly on llhttp, you will need to rebuild it due to the ABI changes. It is possible that source code changes may be required if (like python-aiohttp) you use almost the entire API of llhttp, or if you have very thorough tests that reveal small changes in llhttp’s behavior. Straightforward uses of llhttp are likely to recompile without modification.

If you have software not packaged in EPEL9 that depends directly on python-aiohttp, you should not need to do anything, but you might choose to review the changelogs for releases 3.8.6, 3.9.0, and 3.9.1 here for full details on the changes included in this update: https://github.com/aio-libs/aiohttp/blob/v3.9.1/CHANGES.rst#391-2023-11-26

I have no plans to attempt a build of llhttp or any update of python-aiohttp in EPEL8.

This is an incompatible update under the EPEL Incompatible Upgrades Policy, https://docs.fedoraproject.org/en-US/epel/epel-policy-incompatible-upgrades/. It was approved by the EPEL Steering Committee: https://pagure.io/epel/issue/262.
--
_______________________________________________
epel-announce mailing list -- epel-announce@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-announce@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
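
An added example, not part of the original announcement: a POSIX shell scan for locally built ELF objects whose `DT_NEEDED` entries name an llhttp SONAME other than the installed one, which is the rebuild case described above. The function names, the tab-separated output, and the `libllhttp.so.OLD` / `libllhttp.so.NEW` placeholders are assumptions made here, and the scan relies on `readelf` from binutils.

```shell
#!/bin/sh
# Added example: find software outside EPEL9 that links llhttp directly
# and therefore needs a rebuild after the SONAME change.

# Constructed `readelf -d` excerpt; the SONAME is a placeholder, not a real version.
SAMPLE_DYNAMIC=' 0x0000000000000001 (NEEDED)  Shared library: [libllhttp.so.OLD]
 0x0000000000000001 (NEEDED)  Shared library: [libc.so.6]
 0x000000000000000e (SONAME)  Library soname: [libexample.so.1]'

# Print each llhttp SONAME named in `readelf -d` output read from stdin.
llhttp_needed() {
    sed -n 's/.*(NEEDED).*Shared library: \[\(libllhttp\.so[^]]*\)\].*/\1/p'
}

# Classify one consumer: $1 = SONAME it requires, $2 = SONAME now installed.
rebuild_status() {
    if [ "$1" = "$2" ]; then echo ok; else echo rebuild; fi
}

# Usage: scan_llhttp_consumers INSTALLED_SONAME DIR...
# Prints "<status>\t<needed soname>\t<path>" for every file linked to llhttp.
# Non-ELF files yield no readelf output and are skipped silently.
# Paths containing newlines are not handled.
scan_llhttp_consumers() {
    installed=$1
    shift
    find "$@" -xdev -type f 2>/dev/null | while IFS= read -r f; do
        for so in $(LC_ALL=C readelf -d "$f" 2>/dev/null | llhttp_needed); do
            printf '%s\t%s\t%s\n' "$(rebuild_status "$so" "$installed")" "$so" "$f"
        done
    done
}
```

Pass the SONAME currently installed (for instance as reported by `ldconfig -p`) and the directories holding locally built software, such as `/usr/local` or `/opt`; lines beginning with `rebuild` are the objects still linked against the old library.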



