I have pushed this update to stable.
This is the final announcement prescribed by the EPEL Incompatible
Upgrades Policy,
https://docs.fedoraproject.org/en-US/epel/epel-policy-incompatible-upgrades/
On 12/13/23 08:43, Ben Beasley wrote:
I have just submitted for testing
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-4b1b8b8b25,
which updates llhttp from 8.1.1 to 9.1.3 in EPEL9. This is an
ABI-incompatible update, and the SONAME version changes. There are
also some minor API changes.
The only package in EPEL9 that uses llhttp is python-aiohttp, and the
update also compatibly updates it from 3.8.5 to its latest release,
3.9.1.
Together, these updates fix a number of security issues, including
CVE-2023-47627, CVE-2023-49081, and CVE-2023-49082.
A COPR impact check in
https://copr.fedorainfracloud.org/coprs/music/aiohttp-epel9/ indicates
there should be no impact on any dependent packages in EPEL9.
If you have software not packaged in EPEL9 that depends directly on
llhttp, you will need to rebuild it due to the ABI changes. It is
possible that source code changes may be required if (like
python-aiohttp) you use almost the entire API of llhttp, or if you
have very thorough tests that reveal small changes in llhttp’s
behavior. Straightforward uses of llhttp are likely to recompile
without modification.
If you have software not packaged in EPEL9 that depends directly on
python-aiohttp, you should not need to do anything, but you might
choose to review the changelogs for releases 3.8.6, 3.9.0, and 3.9.1
here for full details on the changes included in this update:
https://github.com/aio-libs/aiohttp/blob/v3.9.1/CHANGES.rst#391-2023-11-26
I have no plans to attempt a build of llhttp or any update of
python-aiohttp in EPEL8.
This is an incompatible update under the EPEL Incompatible Upgrades
Policy,
https://docs.fedoraproject.org/en-US/epel/epel-policy-incompatible-upgrades/.
It was approved by the EPEL Steering Committee:
https://pagure.io/epel/issue/262.
--
_______________________________________________
epel-announce mailing list -- epel-announce@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to
epel-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/epel-announce@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
--
_______________________________________________
epel-announce mailing list -- epel-announce@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-announce@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue