The following Fedora EPEL 8 Security updates need testing:

 Age  URL
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-82613c63a3   tcpreplay-4.5.2-1.el8


The following builds have been pushed to Fedora EPEL 8 updates-testing

    civetweb-1.16-9.el8
    singularity-ce-4.3.3-2.el8
    snapd-2.71-0.el8

Details about builds:


================================================================================
 civetweb-1.16-9.el8 (FEDORA-EPEL-2025-7833bad127)
 Embedded C/C++ web server
--------------------------------------------------------------------------------
Update Information:

rhbz#2391889
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep  3 2025 Kaleb S. KEITHLEY <kkeithle at redhat.com> - 1.16-9
- civetweb 1.16, rhbz#2391889
* Wed Jul 23 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.16-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Wed Jul 16 2025 Kaleb S. KEITHLEY <kkeithle at redhat.com> - 1.16-7
- civetweb 1.16, rhbz#2380496
* Thu Jan 16 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.16-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Wed Jul 17 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.16-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Tue Jan 23 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.16-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.16-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jul 19 2023 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.16-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2391889 - CVE-2025-55763 civetweb: CivetWeb buffer overflow [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2391889
--------------------------------------------------------------------------------


================================================================================
 singularity-ce-4.3.3-2.el8 (FEDORA-EPEL-2025-8eda2e52e6)
 Application and environment virtualization
--------------------------------------------------------------------------------
Update Information:

Use source tarball without squashfuse build artefacts.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep  4 2025 David Trudgian <dtrudg@xxxxxxxxx> - 4.3.3-2
- Use source tarball without squashfuse build artefacts. rhbz#2392889
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2392889 - Singularity version 4.3.2 won't update to version 4.3.3
        https://bugzilla.redhat.com/show_bug.cgi?id=2392889
--------------------------------------------------------------------------------


================================================================================
 snapd-2.71-0.el8 (FEDORA-EPEL-2025-0238d5b455)
 A transactional software package manager
--------------------------------------------------------------------------------
Update Information:

FDE: auto-repair when recovery key is used
FDE: revoke keys on shim update
FDE: revoke old TPM keys when dbx has been updated
FDE: do not reseal FDE hook keys every time
FDE: store keys in the kernel keyring when installing from initrd
FDE: allow disabled DMA on Core
FDE: snap-bootstrap: do not check for partition in scan-disk on CVM
FDE: support secboot preinstall check for 25.10+ hybrid installs via the /v2/system/{label} endpoint
FDE: support generating recovery key at install time via the /v2/systems/{label} endpoint
FDE: update passphrase quality check at install time via the /v2/systems/{label} endpoint
FDE: support replacing recovery key at runtime via the new /v2/system-volumes endpoint
FDE: support checking recovery keys at runtime via the /v2/system-volumes endpoint
FDE: support enumerating keyslots at runtime via the /v2/system-volumes endpoint
FDE: support changing passphrase at runtime via the /v2/system-volumes endpoint
FDE: support passphrase quality check at runtime via the /v2/system-volumes endpoint
FDE: update secboot to revision 3e181c8edf0f
Confdb: support lists and indexed paths on read and write
Confdb: alias references must be wrapped in brackets
Confdb: support indexed paths in confdb-schema assertion
Confdb: make API errors consistent with options
Confdb: fetch confdb-schema assertion on access
Confdb: prevent --previous from being used in read-side hooks
Components: fix snap command with multiple components
Components: set revision of seed components to x1
Components: unmount extra kernel-modules components mounts
AppArmor Prompting: add lifespan "session" for prompting rules
AppArmor Prompting: support restoring prompts after snapd restart
AppArmor Prompting: limit the extra information included in probed AppArmor features and system key
Notices: refactor notice state internals
SELinux: look for restorecon/matchpathcon at all known locations rather than current PATH
SELinux: update policy to allow watching cgroups (for RAA), and talking to user session agents (service mgmt/refresh)
Refresh App Awareness: Fix unexpected inotify file descriptor cleanup
snap-confine: workaround for glibc fchmodat() fallback and handle ENOSYS
snap-confine: add support for host policy for limiting users able to run snaps
LP: #2114923 Reject system key mismatch advise when not yet seeded
Use separate lanes for essential and non-essential snaps during seeding and allow non-essential installs to retry
Fix bug preventing remodel from core18 to core18 when snapd snap is unchanged
LP: #2112551 Make removal of last active revision of a snap equal to snap remove
LP: #2114779 Allow non-gpt in fallback mode to support RPi
Switch from using systemd LogNamespace to manually controlled journal quotas
Change snap command trace logging to only log the command names
Grant desktop-launch access to /v2/snaps
Update code for creating the snap journal stream
Switch from using core to snapd snap for snap debug connectivity
LP: #2112544 Fix offline remodel case where we switched to a channel without an actual refresh
LP: #2112332 Exclude snap/snapd/preseeding when generating preseed tarball
LP: #1952500 Fix snap command progress reporting
LP: #1849346 Interfaces: kerberos-tickets | add new interface
Interfaces: u2f | add support for Thetis Pro
Interfaces: u2f | add OneSpan device and fix older device
Interfaces: pipewire, audio-playback | support pipewire as system daemon
Interfaces: gpg-keys | allow access to GPG agent sockets
Interfaces: usb-gadget | add new interface
Interfaces: snap-fde-control, firmware-updater-support | add new interfaces to support FDE
Interfaces: timezone-control | extend to support timedatectl varlink
Interfaces: cpu-control | fix rules for accessing IRQ sysfs and procfs directories
Interfaces: microstack-support | allow SR-IOV attachments
Interfaces: modify AppArmor template to allow snaps to read their own systemd credentials
Interfaces: posix-mq | allow stat on /dev/mqueue
LP: #2098780 Interfaces: log-observe | add capability dac_read_search
Interfaces: block-devices | allow access to ZFS pools and datasets
LP: #2033883 Interfaces: block-devices | opt-in access to individual partitions
Interfaces: accel | add new interface to support accel kernel subsystem
Interfaces: shutdown | allow client to bind on its side of dbus socket
Interfaces: modify seccomp template to allow pwritev2
Interfaces: modify AppArmor template to allow reading /proc/sys/fs/nr_open
Packaging: drop snap.failure service for openSUSE
Packaging: add SELinux support for openSUSE
Packaging: disable optee when using nooptee build tag
Packaging: add support for static PIE builds in snapd.mk, drop pie.patch from openSUSE
Packaging: add libcap2-bin runtime dependency for ubuntu-16.04
Packaging: use snapd.mk for packaging on Fedora
Packaging: exclude .git directory
Packaging: fix DPKG_PARSECHANGELOG assignment
Packaging: fix building on Fedora with dpkg installed
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 22 2025 Ernest Lotter <ernest.lotter@xxxxxxxxxxxxx>
- New upstream release 2.71
- FDE: auto-repair when recovery key is used
- FDE: revoke keys on shim update
- FDE: revoke old TPM keys when dbx has been updated
- FDE: do not reseal FDE hook keys every time
- FDE: store keys in the kernel keyring when installing from initrd
- FDE: allow disabled DMA on Core
- FDE: snap-bootstrap: do not check for partition in scan-disk on CVM
- FDE: support secboot preinstall check for 25.10+ hybrid installs via the /v2/system/{label} endpoint
- FDE: support generating recovery key at install time via the /v2/systems/{label} endpoint
- FDE: update passphrase quality check at install time via the /v2/systems/{label} endpoint
- FDE: support replacing recovery key at runtime via the new /v2/system-volumes endpoint
- FDE: support checking recovery keys at runtime via the /v2/system-volumes endpoint
- FDE: support enumerating keyslots at runtime via the /v2/system-volumes endpoint
- FDE: support changing passphrase at runtime via the /v2/system-volumes endpoint
- FDE: support passphrase quality check at runtime via the /v2/system-volumes endpoint
- FDE: update secboot to revision 3e181c8edf0f
- Confdb: support lists and indexed paths on read and write
- Confdb: alias references must be wrapped in brackets
- Confdb: support indexed paths in confdb-schema assertion
- Confdb: make API errors consistent with options
- Confdb: fetch confdb-schema assertion on access
- Confdb: prevent --previous from being used in read-side hooks
- Components: fix snap command with multiple components
- Components: set revision of seed components to x1
- Components: unmount extra kernel-modules components mounts
- AppArmor Prompting: add lifespan "session" for prompting rules
- AppArmor Prompting: support restoring prompts after snapd restart
- AppArmor Prompting: limit the extra information included in probed AppArmor features and system key
- Notices: refactor notice state internals
- SELinux: look for restorecon/matchpathcon at all known locations rather than current PATH
- SELinux: update policy to allow watching cgroups (for RAA), and talking to user session agents (service mgmt/refresh)
- Refresh App Awareness: Fix unexpected inotify file descriptor cleanup
- snap-confine: workaround for glibc fchmodat() fallback and handle ENOSYS
- snap-confine: add support for host policy for limiting users able to run snaps
- LP: #2114923 Reject system key mismatch advise when not yet seeded
- Use separate lanes for essential and non-essential snaps during seeding and allow non-essential installs to retry
- Fix bug preventing remodel from core18 to core18 when snapd snap is unchanged
- LP: #2112551 Make removal of last active revision of a snap equal to snap remove
- LP: #2114779 Allow non-gpt in fallback mode to support RPi
- Switch from using systemd LogNamespace to manually controlled journal quotas
- Change snap command trace logging to only log the command names
- Grant desktop-launch access to /v2/snaps
- Update code for creating the snap journal stream
- Switch from using core to snapd snap for snap debug connectivity
- LP: #2112544 Fix offline remodel case where we switched to a channel without an actual refresh
- LP: #2112332 Exclude snap/snapd/preseeding when generating preseed tarball
- LP: #1952500 Fix snap command progress reporting
- LP: #1849346 Interfaces: kerberos-tickets | add new interface
- Interfaces: u2f | add support for Thetis Pro
- Interfaces: u2f | add OneSpan device and fix older device
- Interfaces: pipewire, audio-playback | support pipewire as system daemon
- Interfaces: gpg-keys | allow access to GPG agent sockets
- Interfaces: usb-gadget | add new interface
- Interfaces: snap-fde-control, firmware-updater-support | add new interfaces to support FDE
- Interfaces: timezone-control | extend to support timedatectl varlink
- Interfaces: cpu-control | fix rules for accessing IRQ sysfs and procfs directories
- Interfaces: microstack-support | allow SR-IOV attachments
- Interfaces: modify AppArmor template to allow snaps to read their own systemd credentials
- Interfaces: posix-mq | allow stat on /dev/mqueue
- LP: #2098780 Interfaces: log-observe | add capability dac_read_search
- Interfaces: block-devices | allow access to ZFS pools and datasets
- LP: #2033883 Interfaces: block-devices | opt-in access to individual partitions
- Interfaces: accel | add new interface to support accel kernel subsystem
- Interfaces: shutdown | allow client to bind on its side of dbus socket
- Interfaces: modify seccomp template to allow pwritev2
- Interfaces: modify AppArmor template to allow reading /proc/sys/fs/nr_open
- Packaging: drop snap.failure service for openSUSE
- Packaging: add SELinux support for openSUSE
- Packaging: disable optee when using nooptee build tag
- Packaging: add support for static PIE builds in snapd.mk, drop pie.patch from openSUSE
- Packaging: add libcap2-bin runtime dependency for ubuntu-16.04
- Packaging: use snapd.mk for packaging on Fedora
- Packaging: exclude .git directory
- Packaging: fix DPKG_PARSECHANGELOG assignment
- Packaging: fix building on Fedora with dpkg installed
* Fri Aug 15 2025 Maxwell G <maxwell@xxxxxxx> - 2.70-3
- Rebuild for golang-1.25.0
* Fri Jul 25 2025 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.70-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------