The following Fedora EPEL 8 Security updates need testing: Age URL 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-7833bad127 civetweb-1.16-9.el8 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-8a558394ca linenoise-1.0-2.20200312git97d2850.el8 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-8aaa96c683 libopenmpt-0.8.3-1.el8 The following builds have been pushed to Fedora EPEL 8 updates-testing lemonldap-ng-2.21.3-1.el8 perl-Cpanel-JSON-XS-4.40-1.el8 Details about builds: ================================================================================ lemonldap-ng-2.21.3-1.el8 (FEDORA-EPEL-2025-0ed4170aed) Web Single Sign On (SSO) and Access Management -------------------------------------------------------------------------------- Update Information: See https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-3-is-out/ -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 5 2025 Clement Oudot <clem.oudot@xxxxxxxxx> - 2.21.3-1 - Update to 2.21.3 * Thu Jul 24 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.21.2-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ perl-Cpanel-JSON-XS-4.40-1.el8 (FEDORA-EPEL-2025-2848e258ef) JSON::XS for Cpanel, fast and correct serializing -------------------------------------------------------------------------------- Update Information: This update is the latest upstream release of the Cpanel::JSON::XS module, bringing many bug fixes and enhancements since the original EPEL package release. Amongst the bug fixes is one to fix an integer overflow issue that could be triggered by a specially-crafted JSON input, which could lead to a crash in the program parsing the JSON (CVE-2025-40929). -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 9 2025 Paul Howarth <paul@xxxxxxxxxxxx> - 4.40-1 - Update to 4.40 - Fix overflow with overlong numbers, fuzzing only (CVE-2025-40929) - Detect more malformed numbers, with two decimal points - Pin Github actions to latest @v via pinact run -u * Fri Jul 25 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.39-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Tue Jul 8 2025 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 4.39-4 - Perl 5.42 re-rebuild of bootstrapped packages * Mon Jul 7 2025 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 4.39-3 - Perl 5.42 rebuild * Sat Jan 18 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.39-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Fri Dec 13 2024 Paul Howarth <paul@xxxxxxxxxxxx> - 4.39-1 - Update to 4.39 - Fix Windows -Dusequadmath (GH#229, GH#235) - Fix inconsistent behavior between decoding escaped and unescaped surrogates, and escaped non-characters vs. non-escaped non-characters; now aligned to JSON::PP (GH#227, GH#233) - Add type_all_string tests (GH#236) - Silence UV to char cast warnings (GH#232) - Fix MSVC preprocessor errors (GH#232) - Fix -Wformat warnings on Windows (GH#228) - Clarify BigInt decoding (GH#226) - Drop EL-7 support - Use %{make_build} and %{make_install} * Thu Jul 18 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.38-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Wed Jun 12 2024 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 4.38-3 - Perl 5.40 re-rebuild of bootstrapped packages * Tue Jun 11 2024 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 4.38-2 - Perl 5.40 rebuild * Tue May 28 2024 Paul Howarth <paul@xxxxxxxxxxxx> - 4.38-1 - Update to 4.38 - Encode real core booleans as boolean notation (GH#224) - Minor test fixes - Fix docs typo (GH#225) * Thu Jan 25 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.37-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Sun Jan 21 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.37-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild * Thu Jul 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.37-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Wed Jul 12 2023 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 4.37-3 - Perl 5.38 re-rebuild of bootstrapped packages * Tue Jul 11 2023 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 4.37-2 - Perl 5.38 rebuild * Tue Jul 4 2023 Paul Howarth <paul@xxxxxxxxxxxx> - 4.37-1 - Update to 4.37 - Fix NAN/INF for AIX (GH#165) - Fix empty string result in object stringification (GH#221) - Allow \' in strings when allow_singlequote is enabled (GH#217) - Avoid use of deprecated patch syntax * Thu Mar 2 2023 Paul Howarth <paul@xxxxxxxxxxxx> - 4.36-1 - Update to 4.36 - Remove the SAVESTACK_POS noop, merged from JSON-XS-3.02, removed there with 4.0 - Request to remove: https://github.com/Perl/perl5/pull/20858 * Wed Feb 22 2023 Paul Howarth <paul@xxxxxxxxxxxx> - 4.35-1 - Update to 4.35 - Fix utf8 object stringification (GH#212) * Wed Feb 22 2023 Paul Howarth <paul@xxxxxxxxxxxx> - 4.34-1 - Update to 4.34 - Fix a security issue, decoding hash keys without ending ':' (GH#208) - Check all bare hash keys for utf8 (GH#209) - Improve overload warnings (GH#205) - Fix a croak leak (GH#206) - Use SPDX-format license tag * Fri Jan 20 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.32-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Sat Aug 13 2022 Paul Howarth <paul@xxxxxxxxxxxx> - 4.32-1 - Update to 4.32 - Fix new JSON::PP::Boolean overload redefinition warnings (GH#200) * Wed Aug 10 2022 Paul Howarth <paul@xxxxxxxxxxxx> - 4.31-1 - Update to 4.31 - Adjust t/20_unknown.t pp bool tests for native bool when supported (GH#198) * Tue Aug 2 2022 Paul Howarth <paul@xxxxxxxxxxxx> - 4.30-3 - Re-apply test fixes for t/20_unknown.t now that JSON::PP native bool support is back * Fri Jul 22 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.30-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Fri Jun 17 2022 Paul Howarth <paul@xxxxxxxxxxxx> - 4.30-1 - Update to 4.30 - Fix perl 5.37 utf8n_to_uvuni deprecation (GH#196) * Fri Jun 3 2022 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 4.29-3 - Perl 5.36 re-rebuild of bootstrapped packages * Tue May 31 2022 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 4.29-2 - Perl 5.36 rebuild * Fri May 27 2022 Paul Howarth <paul@xxxxxxxxxxxx> - 4.29-1 - Update to 4.29 - Hack: Revert native bool (unblessed) overloads via JSON::PP 4.08; JSON::PP ignores unblessed bools for now (GH#194) * Thu May 5 2022 Paul Howarth <paul@xxxxxxxxxxxx> - 4.28-1 - Update to 4.28 - Validate the JSON struct, which might get corrupted by wrong FREEZE/THAW methods, or other serializers, or corrupting our magic object (GH#192) - Improve our DESTROY and END methods to avoid NULL dereferences (https://github.com/rurban/perl-compiler/issues/438) - Fix 3 tests in t/20_unknown.t with the latest 5.35.10 bool enhancements and JSON::PP (GH#194) - Fix t/118_type.t with Windows ivtype long long (GH#178) - Added GitHub actions * Fri Jan 21 2022 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.27-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Fri Oct 15 2021 Paul Howarth <paul@xxxxxxxxxxxx> - 4.27-1 - Update to 4.27 - Only add -Werror=declaration-after-statement for 5.035004 and earlier (GH#186) - Fix 125_shared_boolean.t for threads (GH#184) - Drop support for building for targets older than EL-7 * Thu Jul 22 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.26-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Mon May 24 2021 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 4.26-3 - Perl 5.34 re-rebuild of bootstrapped packages * Fri May 21 2021 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 4.26-2 - Perl 5.34 rebuild * Mon Apr 12 2021 Paul Howarth <paul@xxxxxxxxxxxx> - 4.26-1 - Update to 4.26 - Fix compilation with C++ (GH#177) - Use %license unconditionally * Wed Jan 27 2021 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.25-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Wed Oct 28 2020 Paul Howarth <paul@xxxxxxxxxxxx> - 4.25-1 - Update to 4.25 - Fix decode relaxed with comment at the end of the buffer (GH#174), a regression introduced with 3.0220, to fix n_number_then_00 - Possible fix for a gcc-9 optimizer bug (GH#172) * Fri Oct 2 2020 Paul Howarth <paul@xxxxxxxxxxxx> - 4.24-1 - Update to 4.24 - Fix decode_json(scalar, 0), check 2nd arg for true-ness (GH#171) * Sat Sep 5 2020 Paul Howarth <paul@xxxxxxxxxxxx> - 4.23-1 - Update to 4.23 - Fix t/54_stringify needs JSON 2.09 for allow_unknown (GH#169) - Fix t/118_type.t for 5.6 - Fix t/96_interop.t for missing JSON::XS - Possible fix for s390x with long double, untested (GH#83) * Thu Aug 13 2020 Paul Howarth <paul@xxxxxxxxxxxx> - 4.21-1 - Update to 4.21 - Fix not enough HEK memory allocation for the new canonical tied hashes feature (GH#168) - TODO broken JSON::PP::Boolean versions 2.9x - 4.0 with threads::shared in 125_shared_boolean.t * Wed Aug 12 2020 Paul Howarth <paul@xxxxxxxxxxxx> - 4.20-1 - Update to 4.20 - New feature: sort tied hashes with canonical (GH#167) - Fix encode of threads::shared boolean (GH#166); this was broken with 4.00 - Fix some stringify overload cases via convert_blessed (GH#105) - Fix a compat case with JSON::XS, when convert_blessed is set, but allow_blessed not (GH#105) - Improve blessed and stringify tests - Work on better inf/nan detection on AIX (GH#165) - Fix documentation for booleans and their types (GH#162) * Tue Jul 28 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.19-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Fri Jun 26 2020 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 4.19-3 - Perl 5.32 re-rebuild of bootstrapped packages * Tue Jun 23 2020 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 4.19-2 - Perl 5.32 rebuild * Thu Feb 6 2020 Paul Howarth <paul@xxxxxxxxxxxx> - 4.19-1 - Update to 4.19 - Fix typed decode memory leak (GH#160) * Wed Jan 29 2020 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 4.18-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Fri Dec 13 2019 Paul Howarth <paul@xxxxxxxxxxxx> - 4.18-1 - Update to 4.18 - Add new method ->type_all_string (GH#156); when type_all_string is set then the encode method produces stable deterministic string types in the resulting JSON - this can be an alternative to Cpanel::JSON::XS::Type when having deterministic output is required but string JSON types are enough for any output - Move SvGETMAGIC() from encode_av() and encode_hv() to encode_sv() (GH#156) - Add Math::BigInt and Math::BigFloat as recommended dependencies (GH#157) * Tue Nov 5 2019 Paul Howarth <paul@xxxxxxxxxxxx> - 4.17-1 - Update to 4.17 - Add Changes tests and fixups (GH#155) * Mon Nov 4 2019 Paul Howarth <paul@xxxxxxxxxxxx> - 4.16-1 - Update to 4.16 - Use Perl_strtod instead of self-made atof (via pow), to minimize differences from core string-to-float conversions (GH#154); this fixes float representation regressions (in the 1e-6 to 1e-16 range) since 5.22 * Tue Oct 22 2019 Paul Howarth <paul@xxxxxxxxxxxx> - 4.15-1 - Update to 4.15 - Fix more tests for nvtype long double -------------------------------------------------------------------------------- References: [ 1 ] Bug #2393915 - CVE-2025-40929 perl-Cpanel-JSON-XS: integer buffer overflow causing a segfault when parsing crafted JSON [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2393915 -------------------------------------------------------------------------------- -- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
