[EPEL-devel] Re: Incompatible update request for EPEL 9: dav1d 1.2.1 → 1.5.0

On Mon, Oct 21, 2024 at 8:49 AM Troy Dawson <tdawson@xxxxxxxxxx> wrote:
On Mon, Oct 21, 2024 at 8:04 AM Fabio Valentini <decathorpe@xxxxxxxxx> wrote:
Hi all,

There have been a number of releases of dav1d newer than the one
shipped in EPEL 9 right now, one of which includes fixes for this CVE:
https://bugzilla.redhat.com/show_bug.cgi?id=2264940

Looking at upstream commit history, there seem to be other "security
fixes" that have just not been assigned a CVE number. I have looked
into backporting the fixes to the version currently in EPEL 9, but
it's 1) unclear which commits all need to be backported, and 2) some
changes aren't cleanly backportable, and 3) that would not cover
security fixes not associated with a CVE number.

For this reason, I would like to build the version of dav1d that's
currently in Fedora 40+ and in EPEL 10 also for EPEL 9. This includes
one soname bump (since dav1d 1.3.0) due to an ABI change, which makes
this an incompatible update, but there were no actual API changes.

Packages in the EPEL 9 repos that depend on dav1d that would need to be rebuilt:

chromium: chromium
chromium: chromium-headless
ffmpeg: libavcodec-free
libavif0.10: libavif0.10
libavif: libavif
libheif: libheif
vlc: vlc-plugins-base
xine-lib: xine-lib

Fabio

Thank you for following the Incompatible update process.

Looking at things, I agree that updating is the best step forward.

My only concern is that you will be rebuilding the "heavy hitters" dealing with web browsing, video and sound.
If this gets approved, please be careful with those and try to communicate with their maintainers as much as possible.

Troy


This was brought up and approved at this week's EPEL Steering Committee meeting.
You may now proceed with the next steps in the Incompatible Upgrade process.

Troy
 
-- 
_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue