The following Fedora EPEL 8 Security updates need testing:

 Age  URL
   2  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-1f39c6fc05   uriparser-0.9.8-2.el8

The following builds have been pushed to Fedora EPEL 8 updates-testing

    HepMC3-3.3.1-1.el8
    radsecproxy-1.11.2-1.el8
    snapd-2.68.3-0.el8
    suricata-7.0.10-1.el8
    xrootd-5.8.0-1.el8

Details about builds:

================================================================================
 HepMC3-3.3.1-1.el8 (FEDORA-EPEL-2025-c902a898bb)
 C++ Event Record for Monte Carlo Generators
--------------------------------------------------------------------------------
Update Information:

HepMC3 3.3.1
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 25 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 3.3.1-1
- Update to version 3.3.1
- Drop patches accepted upstream or previously backported
* Thu Feb 27 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 3.3.0-6
- Update minimal cmake version to be compatible with cmake 4
* Sun Feb 23 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 3.3.0-5
- Suppress a valgrind error from dlopen on EPEL 10
* Thu Jan 16 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.3.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Mon Dec 30 2024 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 3.3.0-3
- Rebuild for root 6.34
* Wed Jul 17 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 3.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 radsecproxy-1.11.2-1.el8 (FEDORA-EPEL-2025-5f72efd240)
 Generic RADIUS proxy with RadSec support
--------------------------------------------------------------------------------
Update Information:

radsecproxy 1.11.2 (2025-03-25)

Bug Fixes
Fix Message-Authenticator validation for
Accounting-Response
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 25 2025 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.11.2-1
- Upgrade to 1.11.2 (#2354876)
* Sat Jan 18 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.11.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2354876 - radsecproxy-1.11.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2354876
--------------------------------------------------------------------------------

================================================================================
 snapd-2.68.3-0.el8 (FEDORA-EPEL-2025-88ba56ef33)
 A transactional software package manager
--------------------------------------------------------------------------------
Update Information:

* Mon Mar 10 2025 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx>
- New upstream release 2.68.3
  - FDE: LP: #2101834 snapd 2.68+ and snap-bootstrap <2.68 fallback to old keyring path
  - Fix Plucky snapd deb build issue related to /var/lib/snapd/void permissions
  - Fix snapd deb build complaint about ifneq with extra bracket
* Thu Feb 27 2025 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx>
- New upstream release 2.68.2
  - FDE: use boot mode for FDE hooks
  - FDE: add snap-bootstrap compatibility check to prevent image creation with incompatible snapd and kernel snap
  - FDE: add argon2 out-of-process KDF support
  - FDE: have separate mutex for the sections writing a fresh modeenv
  - FDE: LP: #2099709 update secboot to e07f4ae48e98
  - Confdb: support pruning ephemeral data and process alternative types in order
  - core-initrd: look at env to mount directly to /sysroot
  - core-initrd: prepare for Plucky build and split out 24.10 (Oracular)
  - Fix missing primed packages in snapd snap manifest
  - Interfaces: posix-mq | fix incorrect clobbering of global variable and make interface more precise
  - Interfaces: opengl | add more kernel fusion driver files
* Mon Feb 24 2025 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx>
- New upstream release 2.68.1
  - Fix snap-confine type specifier type mismatch on armhf
* Thu Feb 13 2025 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx>
- New upstream release 2.68
  - FDE: add support for new and more extensible key format that is unified between TPM and FDE hook
  - FDE: add support for adding passphrases during installation
  - FDE: update secboot to 30317622bbbc
  - Snap components: make kernel components available on firstboot after either initramfs or ephemeral rootfs style install
  - Snap components: mount drivers tree from initramfs so kernel modules are available in early boot stages
  - Snap components: support remodeling to models that contain components
  - Snap components: support offline remodeling to models that contain components
  - Snap components: support creating new recovery systems with components
  - Snap components: support downloading components with 'snap download' command
  - Snap components: support sideloading asserted components
  - AppArmor Prompting(experimental): improve version checks and handling of listener notification protocol for communication with kernel AppArmor
  - AppArmor Prompting(experimental): make prompt replies idempotent, and have at most one rule for any given path pattern, with potentially mixed outcomes and lifespans
  - AppArmor Prompting(experimental): timeout unresolved prompts after a period of client inactivity
  - AppArmor Prompting(experimental): return an error if a patch request to the API would result in a rule without any permissions
  - AppArmor Prompting(experimental): warn if there is no prompting client present but prompting is enabled, or if a prompting-related error occurs during snapd startup
  - AppArmor Prompting(experimental): do not log error when converting empty permissions to AppArmor permissions
  - Confdb(experimental): rename registries to confdbs (including API /v2/registries => /v2/confdb)
  - Confdb(experimental): support marking confdb schemas as ephemeral
  - Confdb(experimental): add confdb-control assertion and feature flag
  - Refresh App Awareness(experimental): LP: #2089195 prevent possibility of incorrect notification that snap will quit and update
  - Confidential VMs: snap-bootstrap support for loading partition information from a manifest file for cloudimg-rootfs mode
  - Confidential VMs: snap-bootstrap support for setting up cloudimg-rootfs as an overlayfs with integrity protection
  - dm-verity for essential snaps: add support for snap-integrity assertion
  - Interfaces: modify AppArmor template to allow owner read on @{PROC}/@{pid}/fdinfo/*
  - Interfaces: LP: #2072987 modify AppArmor template to allow using setpriv to run daemon as non-root user
  - Interfaces: add configfiles backend that ensures the state of configuration files in the filesystem
  - Interfaces: add ldconfig backend that exposes libraries coming from snaps to either the rootfs or to other snaps
  - Interfaces: LP: #1712808 LP: 1865503 disable udev backend when inside a container
  - Interfaces: add auditd-support interface that grants audit_control capability and required paths for auditd to function
  - Interfaces: add checkbox-support interface that allows unrestricted access to all devices
  - Interfaces: fwupd | allow access to dell bios recovery
  - Interfaces: fwupd | allow access to shim and fallback shim
  - Interfaces: mount-control | add mount option validator to detect mount option conflicts early
  - Interfaces: cpu-control | add read access to /sys/kernel/irq/
  - Interfaces: locale-control | changed to be implicit on Ubuntu Core Desktop
  - Interfaces: microstack-support | support for utilizing of AMD SEV capabilities
  - Interfaces: u2f | added missing OneSpan device product IDs
  - Interfaces: auditd-support | grant seccomp setpriority
  - Interfaces: opengl interface | enable parsing of nvidia driver information files
  - Allow mksquashfs 'xattrs' when packing snap types os, core,
    base and snapd as part of work to support non-root snap-confine
  - Upstream/downstream packaging changes and build updates
  - Improve error logs for malformed desktop files to also show which desktop file is at fault
  - Provide more precise error message when overriding channels with grade during seed creation
  - Expose 'snap prepare-image' validation parameter
  - Add snap-seccomp 'dump' command that dumps the filter rules from a compiled profile
  - Add fallback release info location /etc/initrd-release
  - Added core-initrd to snapd repo and fixed issues with ubuntu-core-initramfs deb builds
  - Remove stale robust-mount-namespace-updates experimental feature flag
  - Remove snapd-snap experimental feature (rejected) and its feature flag
  - Changed snap-bootstrap to mount base directly on /sysroot
  - Mount ubuntu-seed mounted as no-{suid,exec,dev}
  - Mapping volumes to disks: add support for volume-assignments in gadget
  - Fix silently broken binaries produced by distro patchelf 0.14.3 by using locally built patchelf 0.18
  - Fix mismatch between listed refresh candidates and actual refresh due to outdated validation sets
  - Fix 'snap get' to produce compact listing for tty
  - Fix missing store-url by keeping it as part of auxiliary store info
  - Fix snap-confine attempting to retrieve device cgroup setup inside container where it is not available
  - Fix 'snap set' and 'snap get' panic on empty strings with early error checking
  - Fix logger debug entries to show correct caller and file information
  - Fix issue preventing hybrid systems from being seeded on first boot
  - LP: #1966203 remove auto-import udev rules not required by deb package to avoid unwanted syslog errors
  - LP: #1886414 fix progress reporting when stdout is on a tty, but stdin is not
--------------------------------------------------------------------------------

================================================================================
 suricata-7.0.10-1.el8 (FEDORA-EPEL-2025-811cbc0ed6)
 Intrusion Detection System
--------------------------------------------------------------------------------
Update Information:

This is an extra release to address a critical issue in 7.0.9 affecting
AF_PACKET users: setting a BPF would cause Suricata to fail to start up. This
has been fixed.

Various security, performance, accuracy, and stability issues have been fixed.

LibHTP has been updated to version 0.5.50 which is bundled with this new release.
This fixes:
CVE-2025-29915: HIGH
CVE-2025-29917: HIGH
CVE-2025-29918: HIGH
CVE-2025-29916: Moderate
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 25 2025 Steve Grubb <sgrubb@xxxxxxxxxx> 7.0.10-1
- New bugfix release
* Tue Mar 18 2025 Steve Grubb <sgrubb@xxxxxxxxxx> 7.0.9-1
- New security and bugfix release
* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> - 7.0.8-3
- Add sysusers.d config file to allow rpm to create users/groups automatically
* Sun Jan 19 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 7.0.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 xrootd-5.8.0-1.el8 (FEDORA-EPEL-2025-ec7c583060)
 Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:

xrootd 5.8.0
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 22 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 1:5.8.0-1
- Update to version 5.8.0
* Sat Mar 8 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 1:5.7.3-4
- Move user/group creation logic to sysusers.d fragment
* Wed Feb 19 2025 Mattias Ellert <mattias.ellert@xxxxxxxxxxxxx> - 1:5.7.3-3
- Set HOSTNAME to localhost during testing
* Sat Feb 1 2025 Björn Esser <besser82@xxxxxxxxxxxxxxxxx> - 1:5.7.3-2
- Add explicit BR: libxcrypt-devel
--------------------------------------------------------------------------------