The following Fedora EPEL 9 Security updates need testing: Age URL 19 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-c5986b2cf1 iaito-5.9.6-1.el9 radare2-5.9.6-1.el9 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-23b122f235 trafficserver-9.2.6-2.el9 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2024-97fdc539e2 cobbler-3.3.7-1.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing cobbler3.2-3.2.3-2.el9 copr-rpmbuild-1.1-1.el9 kobo-0.38.0-1.el9 onedrive-2.5.3-1.el9 perl-Devel-CheckBin-0.04-23.el9 perl-File-DirList-0.05-12.el9 proftpd-1.3.8b-4.el9 python-aiohttp-3.9.5-2.el9 python-typer-0.10.0-4.el9 rust-avif-parse-1.3.2-1.el9 rust-axum-0.7.8-1.el9 rust-clap-4.5.21-1.el9 rust-clap_builder-4.5.21-1.el9 rust-clap_complete-4.5.38-1.el9 rust-clap_lex-0.7.3-1.el9 rust-fallible_collections-0.5.1-1.el9 rust-image-0.25.5-1.el9 rust-image-webp-0.2.0-1.el9 rust-insta-1.41.1-1.el9 Details about builds: ================================================================================ cobbler3.2-3.2.3-2.el9 (FEDORA-EPEL-2024-1fa5fbde17) Boot server configurator -------------------------------------------------------------------------------- Update Information: Update to 3.2.3 - CVE-2024-47533 -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 19 2024 Orion Poplawski <orion@xxxxxxxx> - 3.2.3-2 - Add patch to fix internal version to 3.2.3 * Sun Nov 17 2024 Orion Poplawski <orion@xxxxxxxx> - 3.2.3-1 - Update to 3.2.3 (CVE-2024-47533) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2327079 - CVE-2024-47533 cobbler3.2: Cobbler allows anyone to connect to cobbler XML-RPC server with a known password and make changes [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2327079 -------------------------------------------------------------------------------- ================================================================================ copr-rpmbuild-1.1-1.el9 (FEDORA-EPEL-2024-0799def9bf) Run COPR build tasks -------------------------------------------------------------------------------- Update Information: Make_srpmbuild, set recursive safe.directory Activate Red Hat subscription on demand Drop six usage (this is a Python 3 only package) -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 22 2024 Jakub Kadlcik <frostyx@xxxxxxxx> 1.1-1 - Make_srpmbuild, set recursive safe.directory - Activate Red Hat subscription on demand - Drop six usage (this is a Python 3 only package) - Add tooling for "safer" RH subscription -------------------------------------------------------------------------------- ================================================================================ kobo-0.38.0-1.el9 (FEDORA-EPEL-2024-753c0d02ae) Python modules for tools development -------------------------------------------------------------------------------- Update Information: rebase to latest upstream release -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 19 2024 Kamil Dudka <kdudka@xxxxxxxxxx> - 0.38.0-1 - rebase to latest upstream release (rhbz#2327211) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2327211 - kobo-0.38.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2327211 -------------------------------------------------------------------------------- ================================================================================ onedrive-2.5.3-1.el9 (FEDORA-EPEL-2024-28f13b2505) OneDrive Free Client written in D -------------------------------------------------------------------------------- Update Information: Update to 2.5.3 (#2326647) -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 15 2024 Fedora Release Monitoring <release-monitoring@xxxxxxxxxxxxxxxxx> - 2.5.3-1 - Update to 2.5.3 (#2326647) -------------------------------------------------------------------------------- ================================================================================ perl-Devel-CheckBin-0.04-23.el9 (FEDORA-EPEL-2024-1cbfb0d21e) Check that a command is available -------------------------------------------------------------------------------- Update Information: This is teh first EPEL-9 build of perl-Devel-CheckBin. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 28 2023 Paul Howarth <paul@xxxxxxxxxxxx> - 0.04-23 - Use SPDX-format license tag - Use author-independent source URL - Simplify find command using -delete - Fix permissions verbosely * Fri Jan 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.04-22 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Fri Jul 22 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.04-21 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Mon May 30 2022 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.04-20 - Perl 5.36 rebuild * Fri Jan 21 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.04-19 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.04-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Fri May 21 2021 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.04-17 - Perl 5.34 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2327507 - Please branch and build perl-Devel-CheckBin for EPEL 9 https://bugzilla.redhat.com/show_bug.cgi?id=2327507 -------------------------------------------------------------------------------- ================================================================================ perl-File-DirList-0.05-12.el9 (FEDORA-EPEL-2024-0f57f37d78) Provide a sorted list of directory content -------------------------------------------------------------------------------- Update Information: Initial epel9 package -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 19 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.05-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Thu Jan 25 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.05-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.05-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.05-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Fri Jan 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.05-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Fri Jul 22 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.05-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2327508 - Please branch and build perl-File-DirList for EPEL 9 https://bugzilla.redhat.com/show_bug.cgi?id=2327508 -------------------------------------------------------------------------------- ================================================================================ proftpd-1.3.8b-4.el9 (FEDORA-EPEL-2024-d04e7d3f0d) Flexible, stable and highly-configurable FTP server -------------------------------------------------------------------------------- Update Information: This update fixes an issue with message authentication in mod_radius. -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 19 2024 Paul Howarth <paul@xxxxxxxxxxxx> - 1.3.8b-4 - Fix RADIUS Message-Authenticator verification in mod_radius - https://github.com/proftpd/proftpd/issues/1840 - https://bugzilla.redhat.com/show_bug.cgi?id=2325448 -------------------------------------------------------------------------------- ================================================================================ python-aiohttp-3.9.5-2.el9 (FEDORA-EPEL-2024-7ac44bd3cc) Python HTTP client/server for asyncio -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2024-52304 -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 19 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 3.9.5-2 - Security fix for CVE-2024-52304 (fixes RHBZ#2327152) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2327152 - CVE-2024-52304 python-aiohttp: aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions [epel-9] https://bugzilla.redhat.com/show_bug.cgi?id=2327152 -------------------------------------------------------------------------------- ================================================================================ python-typer-0.10.0-4.el9 (FEDORA-EPEL-2024-99720de217) Build great CLIs; easy to code; based on Python type hints -------------------------------------------------------------------------------- Update Information: Build without python3-coverage -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 19 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 0.10.0-4 - Stub out "coverage run" well enough to drop the coverage dep. * Tue Nov 19 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 0.10.0-2 - Remove an Obsoletes that has served its upgrade-path purpose -------------------------------------------------------------------------------- ================================================================================ rust-avif-parse-1.3.2-1.el9 (FEDORA-EPEL-2024-117301db0a) Parser for AVIF image files -------------------------------------------------------------------------------- Update Information: Update the avif-parse crate to version 1.3.2. Update the clap and clap_builder crates to version 4.5.21. Update the clap_complete crate to version 4.5.38. Update the clap_lex crate to version 0.7.3. Update the fallible_collections crate to version 0.5.1. Update the image crate to version 0.25.5. Update the image-webp crate to version 0.2.0. -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 16 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1.3.2-1 - Update to version 1.3.2; Fixes RHBZ#2324374 -------------------------------------------------------------------------------- ================================================================================ rust-axum-0.7.8-1.el9 (FEDORA-EPEL-2024-0030f8332b) Web framework that focuses on ergonomics and modularity -------------------------------------------------------------------------------- Update Information: Update to version 0.7.8. -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 16 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 0.7.8-1 - Update to version 0.7.8; Fixes RHBZ#2326580 -------------------------------------------------------------------------------- ================================================================================ rust-clap-4.5.21-1.el9 (FEDORA-EPEL-2024-117301db0a) Simple to use, efficient, and full-featured Command Line Argument Parser -------------------------------------------------------------------------------- Update Information: Update the avif-parse crate to version 1.3.2. Update the clap and clap_builder crates to version 4.5.21. Update the clap_complete crate to version 4.5.38. Update the clap_lex crate to version 0.7.3. Update the fallible_collections crate to version 0.5.1. Update the image crate to version 0.25.5. Update the image-webp crate to version 0.2.0. -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 16 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 4.5.21-1 - Update to version 4.5.21; Fixes RHBZ#2326005 -------------------------------------------------------------------------------- ================================================================================ rust-clap_builder-4.5.21-1.el9 (FEDORA-EPEL-2024-117301db0a) Simple to use, efficient, and full-featured Command Line Argument Parser -------------------------------------------------------------------------------- Update Information: Update the avif-parse crate to version 1.3.2. Update the clap and clap_builder crates to version 4.5.21. Update the clap_complete crate to version 4.5.38. Update the clap_lex crate to version 0.7.3. Update the fallible_collections crate to version 0.5.1. Update the image crate to version 0.25.5. Update the image-webp crate to version 0.2.0. -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 16 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 4.5.21-1 - Update to version 4.5.21; Fixes RHBZ#2326002 -------------------------------------------------------------------------------- ================================================================================ rust-clap_complete-4.5.38-1.el9 (FEDORA-EPEL-2024-117301db0a) Generate shell completion scripts for your clap::Command -------------------------------------------------------------------------------- Update Information: Update the avif-parse crate to version 1.3.2. Update the clap and clap_builder crates to version 4.5.21. Update the clap_complete crate to version 4.5.38. Update the clap_lex crate to version 0.7.3. Update the fallible_collections crate to version 0.5.1. Update the image crate to version 0.25.5. Update the image-webp crate to version 0.2.0. -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 16 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 4.5.38-1 - Update to version 4.5.38; Fixes RHBZ#2326003 -------------------------------------------------------------------------------- ================================================================================ rust-clap_lex-0.7.3-1.el9 (FEDORA-EPEL-2024-117301db0a) Minimal, flexible command line parser -------------------------------------------------------------------------------- Update Information: Update the avif-parse crate to version 1.3.2. Update the clap and clap_builder crates to version 4.5.21. Update the clap_complete crate to version 4.5.38. Update the clap_lex crate to version 0.7.3. Update the fallible_collections crate to version 0.5.1. Update the image crate to version 0.25.5. Update the image-webp crate to version 0.2.0. -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 16 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 0.7.3-1 - Update to version 0.7.3; Fixes RHBZ#2326004 -------------------------------------------------------------------------------- ================================================================================ rust-fallible_collections-0.5.1-1.el9 (FEDORA-EPEL-2024-117301db0a) Which adds fallible allocation api to std collections -------------------------------------------------------------------------------- Update Information: Update the avif-parse crate to version 1.3.2. Update the clap and clap_builder crates to version 4.5.21. Update the clap_complete crate to version 4.5.38. Update the clap_lex crate to version 0.7.3. Update the fallible_collections crate to version 0.5.1. Update the image crate to version 0.25.5. Update the image-webp crate to version 0.2.0. -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 16 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 0.5.1-1 - Update to version 0.5.1; Fixes RHBZ#2324311 -------------------------------------------------------------------------------- ================================================================================ rust-image-0.25.5-1.el9 (FEDORA-EPEL-2024-117301db0a) Imaging library -------------------------------------------------------------------------------- Update Information: Update the avif-parse crate to version 1.3.2. Update the clap and clap_builder crates to version 4.5.21. Update the clap_complete crate to version 4.5.38. Update the clap_lex crate to version 0.7.3. Update the fallible_collections crate to version 0.5.1. Update the image crate to version 0.25.5. Update the image-webp crate to version 0.2.0. -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 16 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 0.25.5-1 - Update to version 0.25.5; Fixes RHBZ#2319239 -------------------------------------------------------------------------------- ================================================================================ rust-image-webp-0.2.0-1.el9 (FEDORA-EPEL-2024-117301db0a) WebP encoding and decoding in pure Rust -------------------------------------------------------------------------------- Update Information: Update the avif-parse crate to version 1.3.2. Update the clap and clap_builder crates to version 4.5.21. Update the clap_complete crate to version 4.5.38. Update the clap_lex crate to version 0.7.3. Update the fallible_collections crate to version 0.5.1. Update the image crate to version 0.25.5. Update the image-webp crate to version 0.2.0. -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 16 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 0.2.0-1 - Update to version 0.2.0; Fixes RHBZ#2316873 -------------------------------------------------------------------------------- ================================================================================ rust-insta-1.41.1-1.el9 (FEDORA-EPEL-2024-4f86779751) Snapshot testing library for Rust -------------------------------------------------------------------------------- Update Information: Update rust-insta to version 1.41.1. 1.41.1 Re-release of 1.41.1 to generate release artifacts correctly. 1.41.0 Experimental support for binary snapshots. --force-update-snapshots now causes cargo-insta to write every snapshot, regardless of whether snapshots fully match, and now implies --accept. This allows for --force-update-snapshots to update inline snapshots' delimiters and indentation. For the previous behavior of --force-update-snapshots, which limited writes to snapshots which didn't fully match, use --require-full-match. The main difference between --require-full-match and the existing behavior of --force-update-snapshots is a non-zero exit code on any snapshots which don't fully match. Like the previous behavior of --force-update-snapshots, --require-full-match doesn't track inline snapshots' delimiters or indentation, so can't update if those don't match. Inline snapshots only use # characters as delimiters when required. Warnings for undiscovered snapshots are more robust, and include files with custom snapshot extensions. Insta runs correctly on packages which reference rust files in a parent path. Warnings are printed when any snapshot uses a legacy format. cargo insta --version now prints a version. insta now internally uses INSTA_UPDATE=force rather than INSTA_FORCE_UPDATE=1. (This doesn't affect users of cargo-insta, which handles this internally.) cargo-insta's integration tests continue to grow over the past couple of versions, and now offer coverage of most of cargo-insta's interface. -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 17 2024 Benjamin A. Beasley <code@xxxxxxxxxxxxxxxxxx> - 1.41.1-1 - Update to version 1.41.1; Fixes RHBZ#2322050 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2322050 - rust-insta-1.41.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2322050 -------------------------------------------------------------------------------- -- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue