The following Fedora EPEL 8 Security updates need testing:
Age URL
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-cc5498e802
python-pdfminer-20220319-3.el8
The following builds have been pushed to Fedora EPEL 8 updates-testing
distribution-gpg-keys-1.115-1.el8
mock-core-configs-43.3-1.el8
snapd-2.72-1.el8
Details about builds:
================================================================================
distribution-gpg-keys-1.115-1.el8 (FEDORA-EPEL-2025-6023c75bb3)
GPG keys of various Linux distributions
--------------------------------------------------------------------------------
Update Information:
https://rpm-software-management.github.io/mock/Release-Notes-Configs-43.3
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 10 2025 Miroslav Suchý <[email protected]> 1.115-1
- update copr keys
- Update for openSUSE 16 keys
- Update changelog
- Microsoft: add 2025 & open tech keys
- alpine-linux: Add loongarch64 key
- fedora: Update rawhide symlink
--------------------------------------------------------------------------------
================================================================================
mock-core-configs-43.3-1.el8 (FEDORA-EPEL-2025-6023c75bb3)
Mock core config files basic chroots
--------------------------------------------------------------------------------
Update Information:
https://rpm-software-management.github.io/mock/Release-Notes-Configs-43.3
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 14 2025 Pavel Raiskup <[email protected]> 43.3-1
- Add openSUSE Leap 16.0 configurations ([email protected])
- Update Kylin OS images and comments ([email protected])
--------------------------------------------------------------------------------
================================================================================
snapd-2.72-1.el8 (FEDORA-EPEL-2025-02e1f604de)
A transactional software package manager
--------------------------------------------------------------------------------
Update Information:
FDE: support replacing TPM protected keys at runtime via the
/v2/system-volumes endpoint
FDE: support secboot preinstall check fix actions for 25.10+
hybrid installs via the /v2/system/{label} endpoint
FDE: tweak polkit message to remove jargon
FDE: ensure proper sealing with kernel command line defaults
FDE: provide generic reseal function
FDE: support using OPTEE for protecting keys, as an alternative to
existing fde-setup hooks (Ubuntu Core only)
Confdb: 'snapctl get --view' supports passing default values
Confdb: content sub-rules in confdb-schemas inherit their parent
rule's "access"
Confdb: make confdb error kinds used in API more generic
Confdb: fully support lists and indexed paths (including unset)
Prompting: add notice backend for prompting types (unused for now)
Prompting: include request cgroup in prompt
Prompting: handle unsupported xattrs
Prompting: add permission mapping for the camera interface
Notices: read notices from state without state lock
Notices: add methods to get notice fields and create, reoccur, and
deepcopy notice
Notices: add notice manager to coordinate separate notice backends
Notices: support draining notices from state when notice backend
registered as producer of a particular notice type
Notices: query notice manager from daemon instead of querying
state for notices directly
Packaging: Ubuntu | ignore .git directory
Packaging: FIPS | bump deb Go FIPS to 1.23
Packaging: snap | bump FIPS toolchain to 1.23
Packaging: debian | sync most upstream changes
Packaging: debian-sid | depends on libcap2-bin for postint
Packaging: Fedora | drop fakeroot
Packaging: snap | modify snapd.mk to pass build tags when running
unit tests
Packaging: snap | modify snapd.mk to pass nooptee build tag
Packaging: modify Makefile.am to fix snap-confine install profile
with 'make hack'
Packaging: modify Makefile.am to fix out-of-tree use of 'make
hack'
LP: #2122054 Snap installation: skip snap icon download when
running in a cloud or using a proxy store
Snap installation: add timeout to http client when downloading
snap icon
Snap installation: use http(s) proxy for icon downloads
LP: #2117558 snap-confine: fix error message with /root/snap not
accessible
snap-confine: fix non-suid limitation by switching to root:root to
operate v1 freezer
core-initrd: do not use writable-paths when not available
core-initrd: remove debian folder
Interfaces: gpio-chardev | re-enable the gpio-chardev
interface now with the more robust gpio-aggregator configfs kernel
interface
Interfaces: gpio-chardev | exclusive snap connections, raise a
conflict when both gpio-chardev and gpio are connected
Interfaces: gpio-chardev | fix gpio-aggregator module load order
Interfaces: ros-snapd-support | grant access to /v2/changes
Interfaces: uda-driver-libs, egl-driver-libs, gbm-driver-libs,
opengl-driver-libs, opengles-driver-libs | new interfaces to
support nvidia driver components
Interfaces: microstack-support | allow DPDK (hugepage related
permissions)
Interfaces: system-observe | allow reading additional files in
/proc, needed by node-exporter
Interfaces: u2f | add Cano Key, Thesis FIDO2 BioFP+ Security Key
and Kensington VeriMark DT Fingerprint Key to device list
Interfaces: snap-interfaces-requests-control | allow shell API
control
Interfaces: fwupd | allow access to Intel CVS sysfs
Interfaces: hardware-observe | allow read access to Kernel
Samepage Merging (KSM)
Interfaces: xilinx-dma | support Multi Queue DMA (QDMA) IP
Interfaces: spi | relax sysfs permission rules to allow access to
SPI device node attributes
Interfaces: content | introduce compatibility label
LP: #2121238 Interfaces: do not expose Kerberos tickets for
classic snaps
Interfaces: ssh-public-keys | allow ro access to public host keys
with ssh-key
Interfaces: Modify AppArmor template to allow listing systemd
credentials and invoking systemd-creds
Interfaces: modify AppArmor template with workarounds for Go 1.35
cgroup aware GOMAXPROCS
Interfaces: modify seccomp template to allow landlock_*
Prevent snap hooks from running while relevant snaps are unlinked
Make refreshes wait before unlinking snaps if running hooks can be
affected
Fix systemd unit generation by moving WantedBy= from section
[Unit] to [Install]
Add opt-in logging support for snap-update-ns
Unhide 'snap help' sign and export-key under Development category
LP: #2117121 Cleanly support socket activation for classic snap
Add architecture to 'snap version' output
Add 'snap debug api' option to disable authentication through
auth.json
Show grade in notes for snap info --verbose
Fix preseeding failure due to scan-disk issue on RPi
Support snap debug api queries to user session agents
LP: #2112626 Improve progress reporting for snap install/refresh
Drop legacy BAMF_DESKTOP_FILE_HINT in desktop files
Fix /v2/apps error for root user when user services are present
LP: #2114704 Extend output to indicate when snap data snapshot was
created during remove
Improve how we handle emmc volumes
Improve handling of system-user extra assertion
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 13 2025 Ernest Lotter <[email protected]>
- New upstream release 2.72
- FDE: support replacing TPM protected keys at runtime via the
/v2/system-volumes endpoint
- FDE: support secboot preinstall check fix actions for 25.10+
hybrid installs via the /v2/system/{label} endpoint
- FDE: tweak polkit message to remove jargon
- FDE: ensure proper sealing with kernel command line defaults
- FDE: provide generic reseal function
- FDE: support using OPTEE for protecting keys, as an alternative to
existing fde-setup hooks (Ubuntu Core only)
- Confdb: 'snapctl get --view' supports passing default values
- Confdb: content sub-rules in confdb-schemas inherit their parent
rule's "access"
- Confdb: make confdb error kinds used in API more generic
- Confdb: fully support lists and indexed paths (including unset)
- Prompting: add notice backend for prompting types (unused for now)
- Prompting: include request cgroup in prompt
- Prompting: handle unsupported xattrs
- Prompting: add permission mapping for the camera interface
- Notices: read notices from state without state lock
- Notices: add methods to get notice fields and create, reoccur, and
deepcopy notice
- Notices: add notice manager to coordinate separate notice backends
- Notices: support draining notices from state when notice backend
registered as producer of a particular notice type
- Notices: query notice manager from daemon instead of querying
state for notices directly
- Packaging: Ubuntu | ignore .git directory
- Packaging: FIPS | bump deb Go FIPS to 1.23
- Packaging: snap | bump FIPS toolchain to 1.23
- Packaging: debian | sync most upstream changes
- Packaging: debian-sid | depends on libcap2-bin for postint
- Packaging: Fedora | drop fakeroot
- Packaging: snap | modify snapd.mk to pass build tags when running
unit tests
- Packaging: snap | modify snapd.mk to pass nooptee build tag
- Packaging: modify Makefile.am to fix snap-confine install profile
with 'make hack'
- Packaging: modify Makefile.am to fix out-of-tree use of 'make
hack'
- LP: #2122054 Snap installation: skip snap icon download when
running in a cloud or using a proxy store
- Snap installation: add timeout to http client when downloading
snap icon
- Snap installation: use http(s) proxy for icon downloads
- LP: #2117558 snap-confine: fix error message with /root/snap not
accessible
- snap-confine: fix non-suid limitation by switching to root:root to
operate v1 freezer
- core-initrd: do not use writable-paths when not available
- core-initrd: remove debian folder
- LP: #1916244 Interfaces: gpio-chardev | re-enable the gpio-chardev
interface now with the more robust gpio-aggregator configfs kernel
interface
- Interfaces: gpio-chardev | exclusive snap connections, raise a
conflict when both gpio-chardev and gpio are connected
- Interfaces: gpio-chardev | fix gpio-aggregator module load order
- Interfaces: ros-snapd-support | grant access to /v2/changes
- Interfaces: uda-driver-libs, egl-driver-libs, gbm-driver-libs,
opengl-driver-libs, opengles-driver-libs | new interfaces to
support nvidia driver components
- Interfaces: microstack-support | allow DPDK (hugepage related
permissions)
- Interfaces: system-observe | allow reading additional files in
/proc, needed by node-exporter
- Interfaces: u2f | add Cano Key, Thesis FIDO2 BioFP+ Security Key
and Kensington VeriMark DT Fingerprint Key to device list
- Interfaces: snap-interfaces-requests-control | allow shell API
control
- Interfaces: fwupd | allow access to Intel CVS sysfs
- Interfaces: hardware-observe | allow read access to Kernel
Samepage Merging (KSM)
- Interfaces: xilinx-dma | support Multi Queue DMA (QDMA) IP
- Interfaces: spi | relax sysfs permission rules to allow access to
SPI device node attributes
- Interfaces: content | introduce compatibility label
- LP: #2121238 Interfaces: do not expose Kerberos tickets for
classic snaps
- Interfaces: ssh-public-keys | allow ro access to public host keys
with ssh-key
- Interfaces: Modify AppArmor template to allow listing systemd
credentials and invoking systemd-creds
- Interfaces: modify AppArmor template with workarounds for Go 1.35
cgroup aware GOMAXPROCS
- Interfaces: modify seccomp template to allow landlock_*
- Prevent snap hooks from running while relevant snaps are unlinked
- Make refreshes wait before unlinking snaps if running hooks can be
affected
- Fix systemd unit generation by moving "WantedBy=" from section
"unit" to "install"
- Add opt-in logging support for snap-update-ns
- Unhide 'snap help' sign and export-key under Development category
- LP: #2117121 Cleanly support socket activation for classic snap
- Add architecture to 'snap version' output
- Add 'snap debug api' option to disable authentication through
auth.json
- Show grade in notes for 'snap info --verbose'
- Fix preseeding failure due to scan-disk issue on RPi
- Support 'snap debug api' queries to user session agents
- LP: #2112626 Improve progress reporting for snap install/refresh
- Drop legacy BAMF_DESKTOP_FILE_HINT in desktop files
- Fix /v2/apps error for root user when user services are present
- LP: #2114704 Extend output to indicate when snap data snapshot was
created during remove
- Improve how we handle emmc volumes
- Improve handling of system-user extra assertions
* Fri Oct 10 2025 Alejandro Sáez <[email protected]> - 2.71-1
- rebuild
--------------------------------------------------------------------------------
--
_______________________________________________
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
