Fedora EPEL 9 updates-testing report

The following Fedora EPEL 9 Security updates need testing:
 Age  URL
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-b17c8fc3fc   engrampa-1.26.2-1.el9
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-9a7708876e   mbedtls-2.28.7-1.el9
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-a7417a00b4   python-asyncssh-2.13.2-4.el9
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-e2bbd00d36   libgit2-1.7.2-2.el9 libgit2_1.6-1.6.5-1.el9 python-pygit2-1.14.0-2.el9
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-471565274b   clamav-1.0.5-1.el9
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-554deba0ce   chromium-121.0.6167.160-1.el9
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-2f82caee80   libmodsecurity-3.0.12-1.el9


The following builds have been pushed to Fedora EPEL 9 updates-testing

    composer-2.7.1-1.el9
    ode-0.16.4-2.el9
    php-pecl-ssh2-1.4.1-1.el9
    syncthing-1.27.3-1.el9

Details about builds:


================================================================================
 composer-2.7.1-1.el9 (FEDORA-EPEL-2024-853cbc5eb4)
 Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:

Version 2.7.1 - 2024-02-09
- Added several warnings when plugins are disabled to hint at common problems
  people had with 2.7.0 (#11842)
- Fixed diagnose auditing of Composer dependencies failing when running from the
  phar

Version 2.7.0 - 2024-02-08
- Security: Fixed code execution and possible privilege escalation via
  compromised vendor dir contents (GHSA-7c6p-848j-wh5h / CVE-2024-24821)
- Changed the default of the audit.abandoned config setting to fail, set it to
  report or ignore if you do not want this, or set it via
  COMPOSER_AUDIT_ABANDONED env var (#11643)
- Added --minimal-changes (-m) flag to update/require/remove commands to perform
  partial update with --with-dependencies while changing only what is absolutely
  necessary in transitive dependencies (#11665)
- Added --sort-by-age (-A) flag to outdated/show commands to allow sorting by and
  displaying the release date (most outdated first) (#11762)
- Added support for --self combined with --installed or --locked in show command,
  to add the root package to the package list being output (#11785)
- Added severity information to audit command output (#11702)
- Added scripts-aliases top level key in composer.json to define aliases for
  custom scripts you defined (#11666)
- Added IPv4 fallback on connection timeout, as well as a COMPOSER_IPRESOLVE env
  var to force IPv4 or IPv6, set it to 4 or 6 (#11791)
- Added support for wildcards in outdated's --ignore arg (#11831)
- Added support for bump command bumping * to >=current version (#11694)
- Added detection of constraints that cannot possibly match anything to validate
  command (#11829)
- Added package source information to the output of install when running in very
  verbose (-vv) mode (#11763)
- Added audit of Composer's own bundled dependencies in diagnose command (#11761)
- Added GitHub token expiration date to diagnose command output (#11688)
- Added non-zero status code to why/why-not commands (#11796)
- Added error when calling show --direct <package> with an indirect/transitive
  dependency (#11728)
- Added COMPOSER_FUND=0 env var to hide calls for funding (#11779)
- Fixed bump command not bumping packages required with a v prefix (#11764)
- Fixed automatic disabling of plugins when running non-interactive as root
- Fixed update --lock not keeping the dist reference/url/checksum pinned (#11787)
- Fixed require command crashing at the end if no lock file is present (#11814)
- Fixed root aliases causing problems when auditing locked dependencies (#11771)
- Fixed handling of versions with 4 components in require command (#11716)
- Fixed compatibility issues with Symfony 7
- Fixed composer.json remaining behind after a --dry-run of the require command
  (#11747)
- Fixed warnings being shown incorrectly under some circumstances (#11786,
  #11760, #11803)
--------------------------------------------------------------------------------
ChangeLog:

* Sat Feb 10 2024 Remi Collet <remi@xxxxxxxxxxxx> - 2.7.1-1
- update to 2.7.1
--------------------------------------------------------------------------------


================================================================================
 ode-0.16.4-2.el9 (FEDORA-EPEL-2024-28163c5eaf)
 High performance library for simulating rigid body dynamics
--------------------------------------------------------------------------------
Update Information:

Initial EL-9 build
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb  2 2024 Gwyn Ciesla <gwync@xxxxxxxxxxxxxx> - 0.16.4-2
- SPDX license tags
* Thu Feb  1 2024 Gwyn Ciesla <gwync@xxxxxxxxxxxxxx> - 0.16.4-1
- 0.16.4
* Thu Jan 25 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.16.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.16.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.16.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Mon Mar 20 2023 Hans de Goede <hdegoede@xxxxxxxxxx> - 0.16.3-1
- Update to 0.16.3 (rhbz#2155091)
* Thu Jan 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.16.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.16.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Apr  7 2022 Hedayat Vatankhah <hedayat.fwd+rpmchlog@xxxxxxxxx> - 0.16.2-1
- Update to 0.16.2 (rhbz#1438205)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2263947 - Please branch and build ode for EPEL 9
        https://bugzilla.redhat.com/show_bug.cgi?id=2263947
--------------------------------------------------------------------------------


================================================================================
 php-pecl-ssh2-1.4.1-1.el9 (FEDORA-EPEL-2024-d606611246)
 Bindings for the libssh2 library
--------------------------------------------------------------------------------
Update Information:

Version 1.4.1
- End zend_function_entry ssh2_functions list with PHP_FE_END [PR #67]
  (Gerdriaan Mulder)
- Remove implicit switch-case fallthrough [PR #66] (Gerdriaan Mulder)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 12 2024 Remi Collet <remi@xxxxxxxxxxxx> - 1.4.1-1
- Update to 1.4.1
- build out of sources tree
--------------------------------------------------------------------------------


================================================================================
 syncthing-1.27.3-1.el9 (FEDORA-EPEL-2024-f808902932)
 Continuous File Synchronization
--------------------------------------------------------------------------------
Update Information:

Update to version 1.27.3.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.27.3
This update also addresses CVE-2023-49295 in quic-go:
https://github.com/quic-go/quic-go/security/advisories/GHSA-ppxx-5m9h-6vxf
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 12 2024 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.27.3-1
- Update to version 1.27.3; Fixes RHBZ#2263121
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2257828 - CVE-2023-49295 syncthing: quic-go: memory exhaustion attack against QUIC's path validation mechanism [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2257828
--------------------------------------------------------------------------------

--
_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue



