The following Fedora EPEL 8 Security updates need testing: Age URL 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-f282573e05 et-6.2.8-2.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing libmongocrypt-1.10.0-1.el8 mongo-c-driver-1.27.0-1.el8 stb-0-0.45.20240213gitae721c5.el8 Details about builds: ================================================================================ libmongocrypt-1.10.0-1.el8 (FEDORA-EPEL-2024-a5c1e0a4d2) The companion C library for client side encryption in drivers -------------------------------------------------------------------------------- Update Information: Version 1.10.0 New features Support KMIP delegated option. Support processing bulkWrite command. -------------------------------------------------------------------------------- ChangeLog: * Thu May 2 2024 Remi Collet <remi@xxxxxxxxxxxx> - 1.10.0-1 - update to 1.10.0 -------------------------------------------------------------------------------- ================================================================================ mongo-c-driver-1.27.0-1.el8 (FEDORA-EPEL-2024-78cb8d0ff5) Client library written in C for MongoDB -------------------------------------------------------------------------------- Update Information: libmongoc 1.27.0 Notes: Raise required version of libmongocrypt to 1.10.0 to support In-Use Encryption (corresponds to the CMake option: ENABLE_CLIENT_SIDE_ENCRYPTION). A future minor release plans to raise the minimum supported MongoDB Server version from 3.6 to 4.0. This is in accordance with MongoDB Software Lifecycle Schedules. Fixes: Fix possible crash when client is configured with empty password. New Features: Add database name to command events: mongoc_apm_command_failed_get_database_name and mongoc_apm_command_succeeded_get_database_name. Support delegated KMIP protocol for In-Use Encryption. Enable setting socket timeout per client. libmongoc 1.26.2 Fixes: Fix possible hang if mongoc_gridfs_file_readv is called with a corrupt chunk with incomplete data. Fix assert with legacy exhaust cursor protocol when connected to server < 4.2. libmongoc 1.26.1 Fixes: Fix 32-bit compile with 64-bit time_t libmongoc 1.26.0 New Features: Support named KMS providers. Redirect retries in sharded clusters to another mongos if possible. Improvements: Add VERSION_CURRENT file in source to ease building. Consider more errors retryable. libmongoc 1.25.4 Fixes: Restore support for Sphinx 1.7.6 for man page build. libmongoc 1.25.3 Fixes: Disable shared libmongoc targets if ENABLE_SHARED=OFF Fix documentation build with Python 3.9. libmongoc 1.25.2 Fixes: Fix data race in mongoc_cursor_get_host. Accept discouraged timeout values for backwards compatibility. libmongoc 1.25.1 Fixes: Add back support for BUILD_VERSION CMake option. BUILD_VERSION was unintentionally removed in 1.25.0. libmongoc 1.25.0 Fixes: Send recoveryToken in transactions when connected to a load balancer. Improvements: Remove optional dependency of libicu. Use OP_MSG exhaust for mongod >= 4.2. Enable exhaust cursors for mongos >= 7.1. Share cached credentials for SCRAM authentication among all clients to improve performance. Use polling monitoring in FaaS environments. Build Configuration: Remove ENABLE_SRV=AUTO. Only support boolean values for ENABLE_SRV. libbson 1.27.0 No changes libbson 1.25.4 Fixes: Restore support for Sphinx 1.7.6 for man page build. libbson 1.25.2 Fixes: Fix conversion warning with GCC 12. Include -pthread in pkg-config Libs. libbson 1.25.1 Fixes: The BUILD_VERSION CMake option was restored. Fixes to some format strings in trace logs. Allow mongoc_buffer_t to be larger than INT_MAX. libbson 1.25.0 New Features: Add bson_array_builder_t. -------------------------------------------------------------------------------- ChangeLog: * Thu May 2 2024 Remi Collet <remi@xxxxxxxxxxxx> - 1.27.0-1 - update to 1.27.0 - raise dependency to libmongocrypt 1.10.0 - drop dependency on libicu - add dependency on libutf8proc -------------------------------------------------------------------------------- ================================================================================ stb-0-0.45.20240213gitae721c5.el8 (FEDORA-EPEL-2024-6327fb701b) Single-file public domain libraries for C/C++ -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2023-45681 / CVE-2023-47212 -------------------------------------------------------------------------------- ChangeLog: * Thu May 2 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 0-0.45.20240213gitae721c5 - Patch for GHSL-2023-171/CVE-2023-45681/CVE-2023-47212 * Thu May 2 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 0-0.44.20240213gitae721c5 - Fix a description to use American English orthography * Thu May 2 2024 David Abdurachmanov <davidlt@xxxxxxxxxxxx> - 0-0.42.20240213gitae721c5 - Fix compile error on riscv64 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2278401 - CVE-2023-47212 stb: stb_vorbis.c comment heap-based buffer overflow vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=2278401 -------------------------------------------------------------------------------- -- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
