subject:"\[EPEL\-devel\] Re\: Sort\-of\-incompatible, but critically needed, update to duo

[EPEL-devel] Re: Sort-of-incompatible, but critically needed, update to duo_unix for EPEL 9

2026-01-22 Thread Michel Lind

On Thu, 2026-01-22 at 11:47 +, Michel Lind wrote:
> Filed EPEL incompatible update exception request:
> https://pagure.io/epel/issue/360
> 
> 

EPEL 8, 10.1 and 10.2 updates built and ready for testing; I've
disabled auto-push until we get clearance to do this in the ticket
above.

But affected parties can test now

https://bodhi.fedoraproject.org/updates/?search=duo_unix-2.2.3-1&releases=EPEL-9&releases=EPEL-8&releases=EPEL-10.2&releases=EPEL-10.1

Best regards,


> On Thu, 2026-01-22 at 11:39 +, Michel Lind wrote:
> > Hi all,
> > 
> > Per https://bugzilla.redhat.com/show_bug.cgi?id=2428862
> > 
> > duo_unix needs to be updated to >= 2.1.0 by February 2 due to old
> > versions' CA bundles expiring.
> > 
> > This is mostly compatible with the old 1.1.2 version we package,
> > with
> > this one exception:
> > 
> > https://github.com/duosecurity/duo_unix/releases/tag/duo_unix-2.0.0
> > 
> > https://github.com/duosecurity/duo_unix/pull/233
> > 
> > and the change is sensible
> > 
> > > Changed the behavior of su when the target user is not root. The
> > target user will need to complete 2FA rather than the original
> > user.
> > 
> > (previously when you su, you need the password of the target user
> > but
> > your own 2FA which negates ... the point of 2FA)
> > 
> > Out of caution we want to flag this in epel-devel following
> > https://docs.fedoraproject.org/en-US/epel/epel-policy-incompatible-upgrades/
> > 
> > Given the time crunch we will submit this to testing while
> > discussion
> > is ongoing, so this can get some testing while discussion is
> > ongoing,
> > once the rebase PR is scratch-built
> > https://src.fedoraproject.org/rpms/duo_unix/pull-request/3
> > 
> > (it was delayed yesterday due to a transient issue building for
> > EPEL
> > 9
> > - https://forge.fedoraproject.org/epel/releng/issues/78)
> > 
> > Best regards,

-- 
 _o) Michel Lind
_( ) https://keyoxide.org/5dce2e7e9c3b1cffd335c1d78b229d2f7ccc04f2
 README:https://fedoraproject.org/wiki/User:Salimma#README


signature.asc
Description: This is a digitally signed message part
-- 
___
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[EPEL-devel] Re: Sort-of-incompatible, but critically needed, update to duo_unix for EPEL 9

2026-01-22 Thread Michel Lind

Filed EPEL incompatible update exception request:
https://pagure.io/epel/issue/360


On Thu, 2026-01-22 at 11:39 +, Michel Lind wrote:
> Hi all,
> 
> Per https://bugzilla.redhat.com/show_bug.cgi?id=2428862
> 
> duo_unix needs to be updated to >= 2.1.0 by February 2 due to old
> versions' CA bundles expiring.
> 
> This is mostly compatible with the old 1.1.2 version we package, with
> this one exception:
> 
> https://github.com/duosecurity/duo_unix/releases/tag/duo_unix-2.0.0
> 
> https://github.com/duosecurity/duo_unix/pull/233
> 
> and the change is sensible
> 
> > Changed the behavior of su when the target user is not root. The
> target user will need to complete 2FA rather than the original user.
> 
> (previously when you su, you need the password of the target user but
> your own 2FA which negates ... the point of 2FA)
> 
> Out of caution we want to flag this in epel-devel following
> https://docs.fedoraproject.org/en-US/epel/epel-policy-incompatible-upgrades/
> 
> Given the time crunch we will submit this to testing while discussion
> is ongoing, so this can get some testing while discussion is ongoing,
> once the rebase PR is scratch-built
> https://src.fedoraproject.org/rpms/duo_unix/pull-request/3
> 
> (it was delayed yesterday due to a transient issue building for EPEL
> 9
> - https://forge.fedoraproject.org/epel/releng/issues/78)
> 
> Best regards,


signature.asc
Description: This is a digitally signed message part
-- 
___
epel-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[EPEL-devel] Re: Sort-of-incompatible, but critically needed, update to duo_unix for EPEL 9

[EPEL-devel] Re: Sort-of-incompatible, but critically needed, update to duo_unix for EPEL 9

2 matches

Site Navigation

Mail list logo

Footer information