[EPEL-devel] Fedora EPEL 8 updates-testing report

updates@xxxxxxxxxxxxxxxxx · Fri, 21 Feb 2025 03:40:58 +0000 (UTC)

The following builds have been pushed to Fedora EPEL 8 updates-testing

    baresip-3.20.0-1.el8
    chromium-133.0.6943.126-1.el8
    cutter-re-2.3.4-6.el8
    fedora-license-data-1.65-1.el8
    libre-3.20.0-1.el8
    objfw-1.2.4-1.el8
    rizin-0.7.4-5.el8
    rust-ripgrep-14.1.1-1.el8

Details about builds:

================================================================================
 baresip-3.20.0-1.el8 (FEDORA-EPEL-2025-f9c15219ca)
 Modular SIP user-agent with audio and video support
--------------------------------------------------------------------------------
Update Information:

Baresip v3.20.0 (2025-02-18)
mixausrc: use float instead of double
misc: refactor _GNU_SOURCE usage
test: use real objects instead of synthetic pointers
cmake: fix _GNU_SOURCE definition
test_call_bundle_base: add TEST_ERR() after each call
avcapture: fix vidframe init
test: make test_call_bundle stable
fakevideo: add cast to fix windows warning
ausine: add cast to fix warning on windows
auresamp: change type to fix warning on windows
avformat: init vidframe properly
ci: add support for Windows platform
log: use secure RE_VA_ARGS logging
aaudio: modifications
rtprecv: fix info printf size error
log: refactor safe RE_ARG handling
av1: use enum values from enum obu_type
ci/build: fix install aac
call/call_event_handler: fix possible call NULL deref
libre v3.20.0 (2025-02-18)
http/server: increase BUFSIZE_MAX to 1 MB and add http_set_max_body_size
test: init err to zero (fixes cppcheck warning)
test: add RTCP_APP to RTCP test
mem,aubuf: add pre-allocated memory pool management
test: increase test_oom levels and oom fixes
mem/mem_pool: fix mem_pool_extend new member destructor
ci: bump version and min_cov
av1: remove duplicate/unused getbit.c
test/cmake: link C++ lib
http: restart timer for each chunk
ci/valgrind: use ubuntu-latest
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 20 2025 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.20.0-1
- Upgrade to 3.20.0 (#2346252)
* Wed Feb  5 2025 Robert-AndrÃ© Mauchin <zebob.m@xxxxxxxxx> - 3.19.0-3
- Rebuilt for aom 3.11.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2346252 - baresip-3.20.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2346252
  [ 2 ] Bug #2346281 - libre-3.20.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2346281
--------------------------------------------------------------------------------

================================================================================
 chromium-133.0.6943.126-1.el8 (FEDORA-EPEL-2025-7d6d0b91ad)
 A WebKit (Blink) powered web browser that Google doesn't want you to use
--------------------------------------------------------------------------------
Update Information:

Update to 133.0.6943.126
  * CVE-2025-0999: Heap buffer overflow in V8
  * CVE-2025-1426: Heap buffer overflow in GPU
  * CVE-2025-1006: Use after free in Network
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 19 2025 Than Ngo <than@xxxxxxxxxx> - 133.0.6943.126-1
- Update to 133.0.6943.126
  * CVE-2025-0999: Heap buffer overflow in V8
  * CVE-2025-1426: Heap buffer overflow in GPU
  * CVE-2025-1006: Use after free in Network
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2346760 - CVE-2025-0999 chromium: From CVEorg collector [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2346760
  [ 2 ] Bug #2346762 - CVE-2025-1426 chromium: From CVEorg collector [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2346762
  [ 3 ] Bug #2346764 - CVE-2025-1006 chromium: From CVEorg collector [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2346764
--------------------------------------------------------------------------------

================================================================================
 cutter-re-2.3.4-6.el8 (FEDORA-EPEL-2025-768199da7e)
 GUI for Rizin reverse engineering framework
--------------------------------------------------------------------------------
Update Information:

security update
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 16 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.3.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Jan  1 2025 Michal Ambroz <rebus _AT seznam.cz> - 2.3.4-5
- Rebuild with new version of rizin 0.7.4
* Wed Jul 17 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.3.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Wed May 29 2024 Michal Ambroz <rebus _AT seznam.cz> - 2.3.4-3
- Rebuild with new version of rizin 0.7.3
* Mon Mar 25 2024 Riccardo Schirone <rschirone91@xxxxxxxxx> - 2.3.4-2
- Rebase to version 2.3.4 (fix changelog)
* Wed Jan 24 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.3.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Nov 13 2023 Michal Ambroz <rebus _AT seznam.cz> - 2.3.2-1
- Rebase to version 2.3.2
* Mon Aug 21 2023 Riccardo Schirone <rschirone91@xxxxxxxxx> - 2.3.1-1
- Rebase to version 2.3.1
* Wed Jul 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Wed May 17 2023 Riccardo Schirone <rschirone91@xxxxxxxxx> - 2.2.1-1
- Rebase to version 2.2.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2235164 - CVE-2023-40022 rizin: Integer Overflow in C++ demangler logic [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2235164
  [ 2 ] Bug #2329976 - CVE-2024-31669 rizin: Uncontrolled Resource Consumption via bin_pe_parse_imports [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2329976
  [ 3 ] Bug #2332149 - CVE-2024-31670 rizin: buffer overflow via create_cache_bins [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2332149
  [ 4 ] Bug #2332935 - CVE-2024-31668 rizin: improper neutralization of special elements via meta_set function [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2332935
  [ 5 ] Bug #2333655 - rizin-0.7.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2333655
  [ 6 ] Bug #2333932 - CVE-2024-53256 rizin: Rizin has a command injection via RzBinInfo bclass due legacy code [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2333932
  [ 7 ] Bug #2346253 - Non-responsive maintainer check for ret2libc
        https://bugzilla.redhat.com/show_bug.cgi?id=2346253
--------------------------------------------------------------------------------

================================================================================
 fedora-license-data-1.65-1.el8 (FEDORA-EPEL-2025-990c203579)
 Fedora Linux license data
--------------------------------------------------------------------------------
Update Information:

Automatic update for fedora-license-data-1.65-1.el8.
Changelog for fedora-license-data
* Thu Feb 20 2025 Miroslav SuchÃ½ <msuchy@xxxxxxxxxx> 1.65-1
- Add BSD-3-Clause WITH AdditionRef-WebM-patent license
- add public domain dedication in desktop-backgrouds
- mark OFL-1.1-RFN and OFL-1.1-no-RFN as equal
- ultrapermissive dedication of broda from crosswords package
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 20 2025 Miroslav SuchÃ½ <msuchy@xxxxxxxxxx> 1.65-1
- Add BSD-3-Clause WITH AdditionRef-WebM-patent license
- add public domain dedication in desktop-backgrouds
- mark OFL-1.1-RFN and OFL-1.1-no-RFN as equal
- ultrapermissive dedication of broda from crosswords package
--------------------------------------------------------------------------------

================================================================================
 libre-3.20.0-1.el8 (FEDORA-EPEL-2025-f9c15219ca)
 Generic library for real-time communications
--------------------------------------------------------------------------------
Update Information:

Baresip v3.20.0 (2025-02-18)
mixausrc: use float instead of double
misc: refactor _GNU_SOURCE usage
test: use real objects instead of synthetic pointers
cmake: fix _GNU_SOURCE definition
test_call_bundle_base: add TEST_ERR() after each call
avcapture: fix vidframe init
test: make test_call_bundle stable
fakevideo: add cast to fix windows warning
ausine: add cast to fix warning on windows
auresamp: change type to fix warning on windows
avformat: init vidframe properly
ci: add support for Windows platform
log: use secure RE_VA_ARGS logging
aaudio: modifications
rtprecv: fix info printf size error
log: refactor safe RE_ARG handling
av1: use enum values from enum obu_type
ci/build: fix install aac
call/call_event_handler: fix possible call NULL deref
libre v3.20.0 (2025-02-18)
http/server: increase BUFSIZE_MAX to 1 MB and add http_set_max_body_size
test: init err to zero (fixes cppcheck warning)
test: add RTCP_APP to RTCP test
mem,aubuf: add pre-allocated memory pool management
test: increase test_oom levels and oom fixes
mem/mem_pool: fix mem_pool_extend new member destructor
ci: bump version and min_cov
av1: remove duplicate/unused getbit.c
test/cmake: link C++ lib
http: restart timer for each chunk
ci/valgrind: use ubuntu-latest
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 20 2025 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 3.20.0-1
- Upgrade to 3.20.0 (#2346281)
* Fri Jan 17 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.19.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2346252 - baresip-3.20.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2346252
  [ 2 ] Bug #2346281 - libre-3.20.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2346281
--------------------------------------------------------------------------------

================================================================================
 objfw-1.2.4-1.el8 (FEDORA-EPEL-2025-f5926cb68e)
 Portable, lightweight framework for the Objective-C language
--------------------------------------------------------------------------------
Update Information:

Update to 1.2.4
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 20 2025 Jonathan Schleifer <js@xxxxxxxxxxxxxxxxx> - 1.2.4-1
- Update to 1.2.4
* Fri Jan 17 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.2.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 rizin-0.7.4-5.el8 (FEDORA-EPEL-2025-768199da7e)
 UNIX-like reverse engineering framework and command-line tool-set
--------------------------------------------------------------------------------
Update Information:

security update
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 19 2025 Peter Oliver <rpm@xxxxxxxxxxxx> - 0.7.4-5
- Rebuild against tree-sitter-0.25.2-3.fc43
* Mon Feb  3 2025 Peter Oliver <rpm@xxxxxxxxxxxx> - 0.7.4-4
- Rebuild against tree-sitter-0.25.1-6.fc42
* Sat Jan 18 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.7.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Tue Dec 31 2024 Michal Ambroz <rebus _AT seznam.cz> - 0.7.4-2
- bump to version 0.7.4
* Sun Sep  1 2024 Yaakov Selkowitz <yselkowi@xxxxxxxxxx> - 0.7.3-3
- Rebuilt for tree-sitter 0.23.0
* Fri Jul 19 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.7.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sun Apr 14 2024 SÃ©rgio Basto <sergio@xxxxxxxxxx> - 0.7.3-1
- Update rizin to 0.7.3 (#2238987)
- (#2271957) remove provides of pkgconfig(libzstd)
* Mon Mar 25 2024 Riccardo Schirone <rschirone91@xxxxxxxxx> - 0.7.2-2
- Rebase to upstream version 0.7.2 (fix changelog)
* Fri Jan 26 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.6.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Jan 22 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.6.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Mon Nov 13 2023 Michal Ambroz <rebus _AT seznam.cz> - 0.6.3-1
- Rebase to upstream version 0.6.3
- change license string to comply with the SPDX
* Mon Aug 21 2023 Riccardo Schirone <rschirone91@xxxxxxxxx> - 0.6.1-1
- Rebase to upstream version 0.6.1
* Fri Jul 21 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.5.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2235164 - CVE-2023-40022 rizin: Integer Overflow in C++ demangler logic [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2235164
  [ 2 ] Bug #2329976 - CVE-2024-31669 rizin: Uncontrolled Resource Consumption via bin_pe_parse_imports [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2329976
  [ 3 ] Bug #2332149 - CVE-2024-31670 rizin: buffer overflow via create_cache_bins [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2332149
  [ 4 ] Bug #2332935 - CVE-2024-31668 rizin: improper neutralization of special elements via meta_set function [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2332935
  [ 5 ] Bug #2333655 - rizin-0.7.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2333655
  [ 6 ] Bug #2333932 - CVE-2024-53256 rizin: Rizin has a command injection via RzBinInfo bclass due legacy code [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2333932
  [ 7 ] Bug #2346253 - Non-responsive maintainer check for ret2libc
        https://bugzilla.redhat.com/show_bug.cgi?id=2346253
--------------------------------------------------------------------------------

================================================================================
 rust-ripgrep-14.1.1-1.el8 (FEDORA-EPEL-2025-eb6a4a2289)
 Line-oriented search tool
--------------------------------------------------------------------------------
Update Information:

Update to version 14.1.1, matching the version available in EPEL 9 and Fedora.
Note that version 14 contains very minor changes to how some command-line
arguments are handled to avoid inconsistent and / or unexpected behaviour.
This version should also fix a potential soundness issue in the bundled PCRE2
bindings that can cause crashes when compiled with recent versions of Rust, and
fixes the FTBFS issue of this package on EPEL 8 that was caused by just such a
crash in the package's test suite.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 20 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 14.1.1-1
- Update to version 14.1.1
--------------------------------------------------------------------------------

-- 
_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue