[EPEL-devel] Fedora EPEL 8 updates-testing report

[updates]

The following Fedora EPEL 8 Security updates need testing:
 Age  URL
  96  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-5b2095e2c2   
xpdf-4.06-1.el8
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-82f07c2a59   
apptainer-1.4.5-3.el8
   5  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2026-ba6edda336   
libmodbus-3.1.12-1.el8


The following builds have been pushed to Fedora EPEL 8 updates-testing

    beakerlib-1.33.1-1.el8
    coturn-4.9.0-1.el8
    objfw-1.5.1-1.el8
    openbao-2.5.1-1.el8
    radicale-3.6.1-1.el8
    valkey-8.0.7-1.el8
    zork-1.0.3-12.el8

Details about builds:


================================================================================
 beakerlib-1.33.1-1.el8 (FEDORA-EPEL-2026-751e8a94fd)
 A shell-level integration testing library
--------------------------------------------------------------------------------
Update Information:

Automatic update for beakerlib-1.33.1-1.el8.
Changelog for beakerlib
* Tue Feb 24 2026 Dalibor Pospisil <dapos...@redhat.com> - 1.33.1
- updated the dnf/yum rpm dependencies, by yselkowitz
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 24 2026 Dalibor Pospisil <dapos...@redhat.com> - 1.33.1
- updated the dnf/yum rpm dependencies, by yselkowitz
--------------------------------------------------------------------------------


================================================================================
 coturn-4.9.0-1.el8 (FEDORA-EPEL-2026-5537969548)
 TURN/STUN & ICE Server
--------------------------------------------------------------------------------
Update Information:

Coturn 4.9.0
Multiple security fixes
Fix to Web Admin password check
Cleanup of deprecated OpenSSL APIs
Fix for CVE-2026-27624: Bypass localhost and IP range block using IPv4-mapped
IPv6
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 25 2026 Robert Scheck <rob...@fedoraproject.org> - 4.9.0-1
- Upgrade to 4.9.0 (#2442144)
- Add patch to build successfully using OpenSSL 1.1.1 on RHEL 8
* Fri Jan 16 2026 Fedora Release Engineering <rel...@fedoraproject.org> - 
4.8.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jan 16 2026 Fedora Release Engineering <rel...@fedoraproject.org> - 
4.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2442144 - coturn-4.9.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2442144
--------------------------------------------------------------------------------


================================================================================
 objfw-1.5.1-1.el8 (FEDORA-EPEL-2026-e3147a9525)
 Portable, lightweight framework for the Objective-C language
--------------------------------------------------------------------------------
Update Information:

Fixes a deadlock.
Update to 1.5
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 24 2026 Jonathan Schleifer <j...@fedoraproject.org> - 1.5.1-1
- Update to 1.5.1
* Sun Feb 22 2026 Jonathan Schleifer <j...@fedoraproject.org> - 1.5-2
- Add CMake files to %files
* Sun Feb 22 2026 Jonathan Schleifer <j...@fedoraproject.org> - 1.5-1
- Update to 1.5
--------------------------------------------------------------------------------


================================================================================
 openbao-2.5.1-1.el8 (FEDORA-EPEL-2026-514cb99c8f)
 A tool for securely accessing secrets
--------------------------------------------------------------------------------
Update Information:

Update to upstream 2.5.1  Also fixes CVE-2025-58189, CVE-2025-61723,
CVE-2025-61725, CVE-2025-58183, CVE-2025-58185, CVE-2025-58188 on epel-8.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 24 2026 Dave Dykstra <2129743+drda...@users.noreply.github.com> - 
2.5.1-1
- update to upstream 2.5.1
* Wed Feb  4 2026 Dave Dykstra <2129743+drda...@users.noreply.github.com> - 
2.5.0-1
- update to 2.5.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2407513 - CVE-2025-58189 openbao: go crypto/tls ALPN negotiation 
error contains attacker controlled information [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2407513
  [ 2 ] Bug #2408542 - CVE-2025-61725 openbao: Excessive CPU consumption in 
ParseAddress in net/mail [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2408542
  [ 3 ] Bug #2408965 - CVE-2025-61723 openbao: Quadratic complexity when 
parsing some invalid inputs in encoding/pem [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2408965
  [ 4 ] Bug #2409907 - CVE-2025-58185 openbao: Parsing DER payload can cause 
memory exhaustion in encoding/asn1 [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2409907
  [ 5 ] Bug #2410847 - CVE-2025-58188 openbao: Panic when validating 
certificates with DSA public keys in crypto/x509 [epel-8]
        https://bugzilla.redhat.com/show_bug.cgi?id=2410847
  [ 6 ] Bug #2412489 - CVE-2025-58183 openbao: Unbounded allocation when 
parsing GNU sparse map [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2412489
--------------------------------------------------------------------------------


================================================================================
 radicale-3.6.1-1.el8 (FEDORA-EPEL-2026-cfc9e528b4)
 A simple CalDAV (calendar) and CardDAV (contact) server
--------------------------------------------------------------------------------
Update Information:

Update to 3.6.1
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 24 2026 Peter Bieringer <p...@bieringer.de>  - 3.6.1-1
- Update to 3.6.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2442224 - radicale-3.6.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2442224
--------------------------------------------------------------------------------


================================================================================
 valkey-8.0.7-1.el8 (FEDORA-EPEL-2026-6587a55db1)
 A persistent key-value database
--------------------------------------------------------------------------------
Update Information:

Valkey 8.0.7  -  Released Mon 23 February 2026
Upgrade urgency SECURITY: This release includes security fixes we recommend you
apply as soon as possible.
Security fixes
(CVE-2026-21863) Remote DoS with malformed Valkey Cluster bus message
(CVE-2025-67733) RESP Protocol Injection via Lua error_reply
Bug fixes
Fix ltrim should not call signalModifiedKey when no elements are removed (#2787)
Fix chained replica crash when doing dual channel replication (#2983)
Fix used_memory_dataset underflow due to miscalculated used_memory_overhead
(#3005)
Avoids crash during MODULE UNLOAD when ACL rules reference a module command and
subcommand (#3160)
Fix server assert on ACL LOAD and resetchannels (#3182)
Fix bug causing no response flush sometimes when IO threads are busy (#3205)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 24 2026 Remi Collet <r...@fedoraproject.org> - 8.0.7-1
- Valkey 8.0.7 - Released Mon 23 February 2026
- Upgrade urgency SECURITY: This release includes security fixes
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2442219 - CVE-2025-67733 valkey: Valkey: Data tampering and denial 
of service via improper null character handling in Lua scripts [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2442219
  [ 2 ] Bug #2442230 - CVE-2026-21863 valkey: Valkey: Denial of Service via 
invalid clusterbus packet [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2442230
--------------------------------------------------------------------------------


================================================================================
 zork-1.0.3-12.el8 (FEDORA-EPEL-2026-9798056063)
 Public Domain original DUNGEON game (AKA, Zork)
--------------------------------------------------------------------------------
Update Information:

Fix FTBFS. Thanks @limb for the hotfix.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Feb 22 2026 Justin Wheeler <jwh...@fedoraproject.org> - 1.0.3-12
- Fix FTBFS. Thanks @limb for the hotfix.
- Upstream work ongoing for improved support with newer versions of the C 
programming language and compilers.
* Sat Jan 17 2026 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.0.3-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.0.3-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jan 19 2025 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.0.3-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
* Sat Jul 20 2024 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.0.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Sat Jan 27 2024 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.0.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jul 22 2023 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.0.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Sat Jan 21 2023 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.0.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Jul 23 2022 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.0.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Sat Jan 22 2022 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.0.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jul 23 2021 Fedora Release Engineering <rel...@fedoraproject.org> - 
1.0.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------


-- 
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new