The following Fedora EPEL 9 Security updates need testing: Age URL 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-e9dcb51f6d uriparser-0.9.8-2.el9 The following builds have been pushed to Fedora EPEL 9 updates-testing HepMC3-3.3.1-1.el9 debconf-1.5.91-1.el9 gnome-shell-extension-caffeine-42.1-1.el9 nextcloud-29.0.14-1.el9 radsecproxy-1.11.2-1.el9 rust-cfg-expr-0.18.0-1.el9 rust-cfg-expr0.17-0.17.2-1.el9 rust-convert_case-0.7.1-1.el9 rust-convert_case0.6-0.6.0-1.el9 rust-derive_more-2.0.1-2.el9 rust-derive_more-impl-2.0.1-1.el9 rust-h3-0.0.7-1.el9 rust-h3-quinn-0.0.9-1.el9 rust-quinn-0.11.7-1.el9 rust-quinn-proto-0.11.10-1.el9 rust-rustls-0.23.25-1.el9 rust-rustls-platform-verifier-0.5.1-1.el9 rust-rustls-webpki-0.103.0-1.el9 rust-rustls-webpki0.102-0.102.8-1.el9 rust-smallvec-1.14.0-1.el9 snapd-2.68.3-0.el9 suricata-7.0.10-1.el9 xrootd-5.8.0-1.el9 Details about builds: ================================================================================ HepMC3-3.3.1-1.el9 (FEDORA-EPEL-2025-c1c8c6ecbd) C++ Event Record for Monte Carlo Generators -------------------------------------------------------------------------------- Update Information: HepMC3 3.3.1 -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 25 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 3.3.1-1 - Update to version 3.3.1 - Drop patches accepted upstream or previously backported * Thu Feb 27 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 3.3.0-6 - Update minimal cmake version to be compatible with cmake 4 * Sun Feb 23 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 3.3.0-5 - Suppress a valgrind error from dlopen on EPEL 10 * Thu Jan 16 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.3.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ debconf-1.5.91-1.el9 (FEDORA-EPEL-2025-16ca14b3dd) Debian configuration management system -------------------------------------------------------------------------------- Update Information: Automatic update for debconf-1.5.91-1.el9. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 10 2025 Packit <hello@xxxxxxxxxx> - 1.5.91-1 - Update to version 1.5.91 - Resolves: rhbz#2350745 -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extension-caffeine-42.1-1.el9 (FEDORA-EPEL-2025-a549a42f7d) Disable the screen saver and auto suspend in gnome shell -------------------------------------------------------------------------------- Update Information: Fix bug causing the preferences window to fail to open. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 25 2025 Jeremy Newton <alexjnewt at hotmail dot com> - 42.1-1 - Update to v42.1 - Fix RHBZ#2327897 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2327897 - [error/trace] when opening preferences of the gnome-shell-extension-caffeine extension https://bugzilla.redhat.com/show_bug.cgi?id=2327897 -------------------------------------------------------------------------------- ================================================================================ nextcloud-29.0.14-1.el9 (FEDORA-EPEL-2025-12c5a8acc1) Private file sync and share server -------------------------------------------------------------------------------- Update Information: 29.0.14 release -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 25 2025 Andrew Bauer <zonexpertconsulting@xxxxxxxxxxx> - 29.0.14-1 - 29.0.14 release -------------------------------------------------------------------------------- ================================================================================ radsecproxy-1.11.2-1.el9 (FEDORA-EPEL-2025-b55c4b4239) Generic RADIUS proxy with RadSec support -------------------------------------------------------------------------------- Update Information: radsecproxy 1.11.2 (2025-03-25) Bug Fixes Fix Message-Authenticator validation for Accounting-Response -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 25 2025 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.11.2-1 - Upgrade to 1.11.2 (#2354876) * Sat Jan 18 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.11.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #2354876 - radsecproxy-1.11.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2354876 -------------------------------------------------------------------------------- ================================================================================ rust-cfg-expr-0.18.0-1.el9 (FEDORA-EPEL-2025-50d0e0fa79) Parser and evaluator for Rust cfg() expressions -------------------------------------------------------------------------------- Update Information: Update the cfg-expr crate to version 0.18.0 and add a compat package for version 0.17. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 24 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.18.0-1 - Update to version 0.18.0; Fixes RHBZ#2346866 * Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.17.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-cfg-expr0.17-0.17.2-1.el9 (FEDORA-EPEL-2025-50d0e0fa79) Parser and evaluator for Rust cfg() expressions -------------------------------------------------------------------------------- Update Information: Update the cfg-expr crate to version 0.18.0 and add a compat package for version 0.17. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 25 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.17.2-1 - Initial import (cfg-expr 0.17 compat package) -------------------------------------------------------------------------------- ================================================================================ rust-convert_case-0.7.1-1.el9 (FEDORA-EPEL-2025-707daadac2) Convert strings into any case -------------------------------------------------------------------------------- Update Information: Update the derive_more and derive_more-impl crates to version 2.0.1. Update the convert_case crate to version 0.7.1 and add a compat package for version 0.6. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 22 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.7.1-1 - Update to version 0.7.1 * Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.6.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-convert_case0.6-0.6.0-1.el9 (FEDORA-EPEL-2025-707daadac2) Convert strings into any case -------------------------------------------------------------------------------- Update Information: Update the derive_more and derive_more-impl crates to version 2.0.1. Update the convert_case crate to version 0.7.1 and add a compat package for version 0.6. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 24 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.6.0-1 - Initial import (convert_case 0.6 compat package) -------------------------------------------------------------------------------- ================================================================================ rust-derive_more-2.0.1-2.el9 (FEDORA-EPEL-2025-707daadac2) Adds #[derive(x)] macros for more traits -------------------------------------------------------------------------------- Update Information: Update the derive_more and derive_more-impl crates to version 2.0.1. Update the convert_case crate to version 0.7.1 and add a compat package for version 0.6. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 25 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 2.0.1-2 - Skip three tests that fail on big-endian architectures * Sat Mar 22 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 2.0.1-1 - Update to version 2.0.1; Fixes RHBZ#2343601 * Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-derive_more-impl-2.0.1-1.el9 (FEDORA-EPEL-2025-707daadac2) Internal implementation of derive_more crate -------------------------------------------------------------------------------- Update Information: Update the derive_more and derive_more-impl crates to version 2.0.1. Update the convert_case crate to version 0.7.1 and add a compat package for version 0.6. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 22 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 2.0.1-1 - Update to version 2.0.1; Fixes RHBZ#2343600 * Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.0.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-h3-0.0.7-1.el9 (FEDORA-EPEL-2025-1a644d9780) Async HTTP/3 implementation -------------------------------------------------------------------------------- Update Information: Update the h3-quinn crate to version 0.0.9. Update the h3 crate to version 0.0.7. Update the quinn crate to version 0.11.7. Update the quinn-proto crate to version 0.11.10. Update the rustls-platform-verifier crate to version 0.5.1. Update the rustls crate to version 0.23.24. Update the rustls-webpki crate to version 0.103.0. Add a compat package for version 0.102 of the rustls-webpki crate. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 25 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.0.7-1 - Update to version 0.0.7; Fixes RHBZ#2352693 * Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.0.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-h3-quinn-0.0.9-1.el9 (FEDORA-EPEL-2025-1a644d9780) QUIC transport implementation based on Quinn -------------------------------------------------------------------------------- Update Information: Update the h3-quinn crate to version 0.0.9. Update the h3 crate to version 0.0.7. Update the quinn crate to version 0.11.7. Update the quinn-proto crate to version 0.11.10. Update the rustls-platform-verifier crate to version 0.5.1. Update the rustls crate to version 0.23.24. Update the rustls-webpki crate to version 0.103.0. Add a compat package for version 0.102 of the rustls-webpki crate. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 25 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.0.9-1 - Update to version 0.0.9; Fixes RHBZ#2352712 * Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.0.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-quinn-0.11.7-1.el9 (FEDORA-EPEL-2025-1a644d9780) Versatile QUIC transport protocol implementation -------------------------------------------------------------------------------- Update Information: Update the h3-quinn crate to version 0.0.9. Update the h3 crate to version 0.0.7. Update the quinn crate to version 0.11.7. Update the quinn-proto crate to version 0.11.10. Update the rustls-platform-verifier crate to version 0.5.1. Update the rustls crate to version 0.23.24. Update the rustls-webpki crate to version 0.103.0. Add a compat package for version 0.102 of the rustls-webpki crate. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 22 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.11.7-1 - Update to version 0.11.7; Fixes RHBZ#2353150 * Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.11.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-quinn-proto-0.11.10-1.el9 (FEDORA-EPEL-2025-1a644d9780) State machine for the QUIC transport protocol -------------------------------------------------------------------------------- Update Information: Update the h3-quinn crate to version 0.0.9. Update the h3 crate to version 0.0.7. Update the quinn crate to version 0.11.7. Update the quinn-proto crate to version 0.11.10. Update the rustls-platform-verifier crate to version 0.5.1. Update the rustls crate to version 0.23.24. Update the rustls-webpki crate to version 0.103.0. Add a compat package for version 0.102 of the rustls-webpki crate. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 22 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.11.10-1 - Update to version 0.11.10; Fixes RHBZ#2353151 * Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.11.9-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-rustls-0.23.25-1.el9 (FEDORA-EPEL-2025-1a644d9780) Modern TLS library written in Rust -------------------------------------------------------------------------------- Update Information: Update the h3-quinn crate to version 0.0.9. Update the h3 crate to version 0.0.7. Update the quinn crate to version 0.11.7. Update the quinn-proto crate to version 0.11.10. Update the rustls-platform-verifier crate to version 0.5.1. Update the rustls crate to version 0.23.24. Update the rustls-webpki crate to version 0.103.0. Add a compat package for version 0.102 of the rustls-webpki crate. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 22 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.23.25-1 - Update to version 0.23.25; Fixes RHBZ#2352879 -------------------------------------------------------------------------------- ================================================================================ rust-rustls-platform-verifier-0.5.1-1.el9 (FEDORA-EPEL-2025-1a644d9780) Supports verifying TLS certificates in rustls with the operating system verifier -------------------------------------------------------------------------------- Update Information: Update the h3-quinn crate to version 0.0.9. Update the h3 crate to version 0.0.7. Update the quinn crate to version 0.11.7. Update the quinn-proto crate to version 0.11.10. Update the rustls-platform-verifier crate to version 0.5.1. Update the rustls crate to version 0.23.24. Update the rustls-webpki crate to version 0.103.0. Add a compat package for version 0.102 of the rustls-webpki crate. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 22 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.5.1-1 - Update to version 0.5.1; Fixes RHBZ#2323324 * Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.4.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-rustls-webpki-0.103.0-1.el9 (FEDORA-EPEL-2025-1a644d9780) Web PKI X.509 Certificate Verification -------------------------------------------------------------------------------- Update Information: Update the h3-quinn crate to version 0.0.9. Update the h3 crate to version 0.0.7. Update the quinn crate to version 0.11.7. Update the quinn-proto crate to version 0.11.10. Update the rustls-platform-verifier crate to version 0.5.1. Update the rustls crate to version 0.23.24. Update the rustls-webpki crate to version 0.103.0. Add a compat package for version 0.102 of the rustls-webpki crate. -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 22 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.103.0-1 - Update to version 0.103.0; Fixes RHBZ#2347332 * Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.102.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rust-rustls-webpki0.102-0.102.8-1.el9 (FEDORA-EPEL-2025-1a644d9780) Web PKI X.509 Certificate Verification -------------------------------------------------------------------------------- Update Information: Update the h3-quinn crate to version 0.0.9. Update the h3 crate to version 0.0.7. Update the quinn crate to version 0.11.7. Update the quinn-proto crate to version 0.11.10. Update the rustls-platform-verifier crate to version 0.5.1. Update the rustls crate to version 0.23.24. Update the rustls-webpki crate to version 0.103.0. Add a compat package for version 0.102 of the rustls-webpki crate. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 24 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 0.102.8-1 - Initial import (rustls-webpki 0.102 compat package) -------------------------------------------------------------------------------- ================================================================================ rust-smallvec-1.14.0-1.el9 (FEDORA-EPEL-2025-221b9c106d) Store up to a small number of items on the stack -------------------------------------------------------------------------------- Update Information: Update to version 1.14.0. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 25 2025 Fabio Valentini <decathorpe@xxxxxxxxx> - 1.14.0-1 - Update to version 1.14.0 -------------------------------------------------------------------------------- ================================================================================ snapd-2.68.3-0.el9 (FEDORA-EPEL-2025-7732b41d4b) A transactional software package manager -------------------------------------------------------------------------------- Update Information: * Mon Mar 10 2025 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.68.3 - FDE: LP: #2101834 snapd 2.68+ and snap-bootstrap <2.68 fallback to old keyring path - Fix Plucky snapd deb build issue related to /var/lib/snapd/void permissions - Fix snapd deb build complaint about ifneq with extra bracket * Thu Feb 27 2025 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.68.2 - FDE: use boot mode for FDE hooks - FDE: add snap-bootstrap compatibility check to prevent image creation with incompatible snapd and kernel snap - FDE: add argon2 out-of-process KDF support - FDE: have separate mutex for the sections writing a fresh modeenv - FDE: LP: #2099709 update secboot to e07f4ae48e98 - Confdb: support pruning ephemeral data and process alternative types in order - core-initrd: look at env to mount directly to /sysroot - core-initrd: prepare for Plucky build and split out 24.10 (Oracular) - Fix missing primed packages in snapd snap manifest - Interfaces: posix-mq | fix incorrect clobbering of global variable and make interface more precise - Interfaces: opengl | add more kernel fusion driver files * Mon Feb 24 2025 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.68.1 - Fix snap-confine type specifier type mismatch on armhf * Thu Feb 13 2025 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.68 - FDE: add support for new and more extensible key format that is unified between TPM and FDE hook - FDE: add support for adding passphrases during installation - FDE: update secboot to 30317622bbbc - Snap components: make kernel components available on firstboot after either initramfs or ephemeral rootfs style install - Snap components: mount drivers tree from initramfs so kernel modules are available in early boot stages - Snap components: support remodeling to models that contain components - Snap components: support offline remodeling to models that contain components - Snap components: support creating new recovery systems with components - Snap components: support downloading components with 'snap download' command - Snap components: support sideloading asserted components - AppArmor Prompting(experimental): improve version checks and handling of listener notification protocol for communication with kernel AppArmor - AppArmor Prompting(experimental): make prompt replies idempotent, and have at most one rule for any given path pattern, with potentially mixed outcomes and lifespans - AppArmor Prompting(experimental): timeout unresolved prompts after a period of client inactivity - AppArmor Prompting(experimental): return an error if a patch request to the API would result in a rule without any permissions - AppArmor Prompting(experimental): warn if there is no prompting client present but prompting is enabled, or if a prompting-related error occurs during snapd startup - AppArmor Prompting(experimental): do not log error when converting empty permissions to AppArmor permissions - Confdb(experimental): rename registries to confdbs (including API /v2/registries => /v2/confdb) - Confdb(experimental): support marking confdb schemas as ephemeral - Confdb(experimental): add confdb-control assertion and feature flag - Refresh App Awareness(experimental): LP: #2089195 prevent possibility of incorrect notification that snap will quit and update - Confidential VMs: snap-bootstrap support for loading partition information from a manifest file for cloudimg-rootfs mode - Confidential VMs: snap-bootstrap support for setting up cloudimg- rootfs as an overlayfs with integrity protection - dm-verity for essential snaps: add support for snap-integrity assertion - Interfaces: modify AppArmor template to allow owner read on @{PROC}/@{pid}/fdinfo/* - Interfaces: LP: #2072987 modify AppArmor template to allow using setpriv to run daemon as non-root user - Interfaces: add configfiles backend that ensures the state of configuration files in the filesystem - Interfaces: add ldconfig backend that exposes libraries coming from snaps to either the rootfs or to other snaps - Interfaces: LP: #1712808 LP: 1865503 disable udev backend when inside a container - Interfaces: add auditd-support interface that grants audit_control capability and required paths for auditd to function - Interfaces: add checkbox-support interface that allows unrestricted access to all devices - Interfaces: fwupd | allow access to dell bios recovery - Interfaces: fwupd | allow access to shim and fallback shim - Interfaces: mount-control | add mount option validator to detect mount option conflicts early - Interfaces: cpu-control | add read access to /sys/kernel/irq/ - Interfaces: locale-control | changed to be implicit on Ubuntu Core Desktop - Interfaces: microstack-support | support for utilizing of AMD SEV capabilities - Interfaces: u2f | added missing OneSpan device product IDs - Interfaces: auditd-support | grant seccomp setpriority - Interfaces: opengl interface | enable parsing of nvidia driver information files - Allow mksquashfs 'xattrs' when packing snap types os, core, base and snapd as part of work to support non-root snap-confine - Upstream/downstream packaging changes and build updates - Improve error logs for malformed desktop files to also show which desktop file is at fault - Provide more precise error message when overriding channels with grade during seed creation - Expose 'snap prepare-image' validation parameter - Add snap-seccomp 'dump' command that dumps the filter rules from a compiled profile - Add fallback release info location /etc/initrd-release - Added core-initrd to snapd repo and fixed issues with ubuntu-core- initramfs deb builds - Remove stale robust-mount-namespace-updates experimental feature flag - Remove snapd-snap experimental feature (rejected) and it's feature flag - Changed snap-bootstrap to mount base directly on /sysroot - Mount ubuntu-seed mounted as no-{suid,exec,dev} - Mapping volumes to disks: add support for volume-assignments in gadget - Fix silently broken binaries produced by distro patchelf 0.14.3 by using locally build patchelf 0.18 - Fix mismatch between listed refresh candidates and actual refresh due to outdated validation sets - Fix 'snap get' to produce compact listing for tty - Fix missing store-url by keeping it as part of auxiliary store info - Fix snap-confine attempting to retrieve device cgroup setup inside container where it is not available - Fix 'snap set' and 'snap get' panic on empty strings with early error checking - Fix logger debug entries to show correct caller and file information - Fix issue preventing hybrid systems from being seeded on first boot - LP: #1966203 remove auto-import udev rules not required by deb package to avoid unwanted syslog errors - LP: #1886414 fix progress reporting when stdout is on a tty, but stdin is not -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 10 2025 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.68.3 - FDE: LP: #2101834 snapd 2.68+ and snap-bootstrap <2.68 fallback to old keyring path - Fix Plucky snapd deb build issue related to /var/lib/snapd/void permissions - Fix snapd deb build complaint about ifneq with extra bracket * Thu Feb 27 2025 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.68.2 - FDE: use boot mode for FDE hooks - FDE: add snap-bootstrap compatibility check to prevent image creation with incompatible snapd and kernel snap - FDE: add argon2 out-of-process KDF support - FDE: have separate mutex for the sections writing a fresh modeenv - FDE: LP: #2099709 update secboot to e07f4ae48e98 - Confdb: support pruning ephemeral data and process alternative types in order - core-initrd: look at env to mount directly to /sysroot - core-initrd: prepare for Plucky build and split out 24.10 (Oracular) - Fix missing primed packages in snapd snap manifest - Interfaces: posix-mq | fix incorrect clobbering of global variable and make interface more precise - Interfaces: opengl | add more kernel fusion driver files * Mon Feb 24 2025 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.68.1 - Fix snap-confine type specifier type mismatch on armhf * Thu Feb 13 2025 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx> - New upstream release 2.68 - FDE: add support for new and more extensible key format that is unified between TPM and FDE hook - FDE: add support for adding passphrases during installation - FDE: update secboot to 30317622bbbc - Snap components: make kernel components available on firstboot after either initramfs or ephemeral rootfs style install - Snap components: mount drivers tree from initramfs so kernel modules are available in early boot stages - Snap components: support remodeling to models that contain components - Snap components: support offline remodeling to models that contain components - Snap components: support creating new recovery systems with components - Snap components: support downloading components with 'snap download' command - Snap components: support sideloading asserted components - AppArmor Prompting(experimental): improve version checks and handling of listener notification protocol for communication with kernel AppArmor - AppArmor Prompting(experimental): make prompt replies idempotent, and have at most one rule for any given path pattern, with potentially mixed outcomes and lifespans - AppArmor Prompting(experimental): timeout unresolved prompts after a period of client inactivity - AppArmor Prompting(experimental): return an error if a patch request to the API would result in a rule without any permissions - AppArmor Prompting(experimental): warn if there is no prompting client present but prompting is enabled, or if a prompting-related error occurs during snapd startup - AppArmor Prompting(experimental): do not log error when converting empty permissions to AppArmor permissions - Confdb(experimental): rename registries to confdbs (including API /v2/registries => /v2/confdb) - Confdb(experimental): support marking confdb schemas as ephemeral - Confdb(experimental): add confdb-control assertion and feature flag - Refresh App Awareness(experimental): LP: #2089195 prevent possibility of incorrect notification that snap will quit and update - Confidential VMs: snap-bootstrap support for loading partition information from a manifest file for cloudimg-rootfs mode - Confidential VMs: snap-bootstrap support for setting up cloudimg- rootfs as an overlayfs with integrity protection - dm-verity for essential snaps: add support for snap-integrity assertion - Interfaces: modify AppArmor template to allow owner read on @{PROC}/@{pid}/fdinfo/* - Interfaces: LP: #2072987 modify AppArmor template to allow using setpriv to run daemon as non-root user - Interfaces: add configfiles backend that ensures the state of configuration files in the filesystem - Interfaces: add ldconfig backend that exposes libraries coming from snaps to either the rootfs or to other snaps - Interfaces: LP: #1712808 LP: 1865503 disable udev backend when inside a container - Interfaces: add auditd-support interface that grants audit_control capability and required paths for auditd to function - Interfaces: add checkbox-support interface that allows unrestricted access to all devices - Interfaces: fwupd | allow access to dell bios recovery - Interfaces: fwupd | allow access to shim and fallback shim - Interfaces: mount-control | add mount option validator to detect mount option conflicts early - Interfaces: cpu-control | add read access to /sys/kernel/irq/ - Interfaces: locale-control | changed to be implicit on Ubuntu Core Desktop - Interfaces: microstack-support | support for utilizing of AMD SEV capabilities - Interfaces: u2f | added missing OneSpan device product IDs - Interfaces: auditd-support | grant seccomp setpriority - Interfaces: opengl interface | enable parsing of nvidia driver information files - Allow mksquashfs 'xattrs' when packing snap types os, core, base and snapd as part of work to support non-root snap-confine - Upstream/downstream packaging changes and build updates - Improve error logs for malformed desktop files to also show which desktop file is at fault - Provide more precise error message when overriding channels with grade during seed creation - Expose 'snap prepare-image' validation parameter - Add snap-seccomp 'dump' command that dumps the filter rules from a compiled profile - Add fallback release info location /etc/initrd-release - Added core-initrd to snapd repo and fixed issues with ubuntu-core- initramfs deb builds - Remove stale robust-mount-namespace-updates experimental feature flag - Remove snapd-snap experimental feature (rejected) and it's feature flag - Changed snap-bootstrap to mount base directly on /sysroot - Mount ubuntu-seed mounted as no-{suid,exec,dev} - Mapping volumes to disks: add support for volume-assignments in gadget - Fix silently broken binaries produced by distro patchelf 0.14.3 by using locally build patchelf 0.18 - Fix mismatch between listed refresh candidates and actual refresh due to outdated validation sets - Fix 'snap get' to produce compact listing for tty - Fix missing store-url by keeping it as part of auxiliary store info - Fix snap-confine attempting to retrieve device cgroup setup inside container where it is not available - Fix 'snap set' and 'snap get' panic on empty strings with early error checking - Fix logger debug entries to show correct caller and file information - Fix issue preventing hybrid systems from being seeded on first boot - LP: #1966203 remove auto-import udev rules not required by deb package to avoid unwanted syslog errors - LP: #1886414 fix progress reporting when stdout is on a tty, but stdin is not -------------------------------------------------------------------------------- ================================================================================ suricata-7.0.10-1.el9 (FEDORA-EPEL-2025-46a02bfa95) Intrusion Detection System -------------------------------------------------------------------------------- Update Information: This is an extra release to address a critical issue in 7.0.9 affecting AF_PACKET users: setting a BPF would cause Suricata to fail to start up. This has been fixed. Various security, performance, accuracy, and stability issues have been fixed. LibHTP has been updated to version 0.5.50 which is bundled with this new release. This fixes: CVE-2025-29915: HIGH CVE-2025-29917: HIGH CVE-2025-29918: HIGH CVE-2025-29916: Moderate -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 25 2025 Steve Grubb <sgrubb@xxxxxxxxxx> 7.0.10-1 - New bugfix release * Tue Mar 18 2025 Steve Grubb <sgrubb@xxxxxxxxxx> 7.0.9-1 - New security and bugfix release * Tue Feb 11 2025 Zbigniew JÄ?drzejewski-Szmek <zbyszek@xxxxxxxxx> - 7.0.8-3 - Add sysusers.d config file to allow rpm to create users/groups automatically * Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 7.0.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ xrootd-5.8.0-1.el9 (FEDORA-EPEL-2025-7b8d098aa3) Extended ROOT file server -------------------------------------------------------------------------------- Update Information: xrootd 5.8.0 -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 22 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 1:5.8.0-1 - Update to version 5.8.0 * Sat Mar 8 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 1:5.7.3-4 - Move user/group creation logic to sysusers.d fragment * Wed Feb 19 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 1:5.7.3-3 - Set HOSTNAME to localhost during testing * Sat Feb 1 2025 Björn Esser <besser82@xxxxxxxxxxxxxxxxx> - 1:5.7.3-2 - Add explicit BR: libxcrypt-devel --------------------------------------------------------------------------------
-- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
