Fedora 41 Update: rust-reqsign-0.18.0-1.fc41
Fedora 41 Update: rust-interpolator-0.5.0-3.fc41
Fedora 41 Update: rust-quote-use-macros-0.8.4-1.fc41
Fedora 43 Update: skopeo-1.20.0-5.fc43
Fedora 41 Update: rust-collection_literals-1.0.3-1.fc41
Fedora 41 Update: rust-manyhow-0.11.4-1.fc41
Fedora 41 Update: rust-attribute-derive-macro-0.10.5-1.fc41
Fedora 41 Update: rust-quote-use-0.8.4-2.fc41
Fedora 41 Update: rust-manyhow-macros-0.11.4-1.fc41
Fedora 41 Update: rust-get-size2-0.7.0-2.fc41
Fedora 41 Update: rust-get-size-derive2-0.7.0-1.fc41
Fedora 41 Update: python-uv-build-0.9.5-1.fc41
Fedora 43 Update: Thunar-4.20.6-1.fc43
Fedora 41 Update: rust-attribute-derive-0.10.5-1.fc41
Fedora 41 Update: rust-astral-tokio-tar-0.5.6-1.fc41
Fedora 41 Update: rust-backon-1.6.0-1.fc41
Fedora 41 Update: ruff-0.14.2-1.fc41
Fedora 41 Update: openapi-python-client-0.24.3-2.fc41
Fedora 42 Update: samba-4.22.6-1.fc42
Fedora 42 Update: uv-0.9.5-1.fc42
Fedora 42 Update: rust-tikv-jemallocator-0.6.1-1.fc42
Fedora 42 Update: rust-reqsign-http-send-reqwest-2.0.0-1.fc42
Fedora 42 Update: rust-tikv-jemalloc-sys-0.6.1-1.fc42
Fedora 42 Update: rust-reqsign-file-read-tokio-2.0.0-1.fc42
Fedora 42 Update: rust-reqsign-core-2.0.0-1.fc42
Fedora 42 Update: rust-reqsign-command-execute-tokio-2.0.0-1.fc42
Fedora 42 Update: rust-collection_literals-1.0.3-1.fc42
Fedora 42 Update: rust-quote-use-macros-0.8.4-1.fc42
Fedora 42 Update: rust-reqsign-aws-v4-2.0.0-1.fc42
Fedora 42 Update: rust-interpolator-0.5.0-3.fc42
Fedora 42 Update: rust-reqsign-0.18.0-1.fc42
Fedora 42 Update: rust-manyhow-0.11.4-1.fc42
Fedora 42 Update: rust-manyhow-macros-0.11.4-1.fc42
Fedora 42 Update: rust-quote-use-0.8.4-2.fc42
Fedora 42 Update: rust-get-size-derive2-0.7.0-1.fc42
Fedora 42 Update: rust-get-size2-0.7.0-2.fc42
Fedora 42 Update: rust-proc-macro-utils-0.10.0-1.fc42
Fedora 42 Update: rust-astral-tokio-tar-0.5.6-1.fc42
Fedora 42 Update: rust-attribute-derive-macro-0.10.5-1.fc42
Fedora 42 Update: python-uv-build-0.9.5-1.fc42
Fedora 42 Update: ruff-0.14.2-1.fc42
Fedora 42 Update: rust-attribute-derive-0.10.5-1.fc42
Fedora 42 Update: openapi-python-client-0.26.2-4.fc42
Fedora 41 Update: uv-0.9.5-1.fc41
Fedora 41 Update: rust-tikv-jemallocator-0.6.1-1.fc41
Fedora 41 Update: rust-reqsign-http-send-reqwest-2.0.0-1.fc41
Fedora 41 Update: rust-reqsign-core-2.0.0-1.fc41
Fedora 41 Update: rust-reqsign-file-read-tokio-2.0.0-1.fc41
Fedora 41 Update: rust-tikv-jemalloc-sys-0.6.1-1.fc41
Fedora 41 Update: rust-reqsign-aws-v4-2.0.0-1.fc41
Fedora 41 Update: rust-reqsign-command-execute-tokio-2.0.0-1.fc41
Fedora 41 Update: rust-proc-macro-utils-0.10.0-1.fc41
[SECURITY] Fedora 41 Update: rust-reqsign-0.18.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign
Product : Fedora 41
Version : 0.18.0
Release : 1.fc41
URL : https://crates.io/crates/reqsign
Summary : Signing HTTP requests for popular cloud services
Description :
Signing HTTP requests for AWS, Azure, Google, Huawei, Aliyun, Tencent
and Oracle services.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.18.0-1
- Update to version 0.18.0
* Wed Oct 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.17.0-1
- Initial package (close RHBZ#2400218)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-interpolator-0.5.0-3.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : rust-interpolator
Product : Fedora 41
Version : 0.5.0
Release : 3.fc41
URL : https://crates.io/crates/interpolator
Summary : Runtime format strings, fully compatible with std's macros
Description :
Runtime format strings, fully compatible with std's macros.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 4 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.5.0-3
- Omit some unnecessary dev-dependencies
* Sat Oct 4 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.5.0-2
- No longer allow proptest-derive 0.5
* Thu Oct 2 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.5.0-1
- Initial package (close RHBZ#2398112)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-quote-use-macros-0.8.4-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : rust-quote-use-macros
Product : Fedora 41
Version : 0.8.4
Release : 1.fc41
URL : https://crates.io/crates/quote-use-macros
Summary : Support use in procmacros hygienically
Description :
Support `use` in procmacros hygienically.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.4-1
- Initial package (close RHBZ#2398054)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: skopeo-1.20.0-5.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-af04521261
2025-11-03 01:37:06.585308+00:00
--------------------------------------------------------------------------------
Name : skopeo
Product : Fedora 43
Version : 1.20.0
Release : 5.fc43
URL : https://github.com/containers/skopeo
Summary : Inspect container images and repositories on registries
Description :
Command line utility to inspect images and repositories directly on Docker
registries without the need to pull them
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2025-58189, CVE-2025-61725
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 31 2025 Lokesh Mandvekar [lsm5@redhat.com] - 1:1.20.0-5
- Resolves: CVE-2025-58189, CVE-2025-61725
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2408347 - CVE-2025-58189 skopeo: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408347
[ 2 ] Bug #2408745 - CVE-2025-61725 skopeo: Excessive CPU consumption in ParseAddress in net/mail [fedora-43]
https://bugzilla.redhat.com/show_bug.cgi?id=2408745
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-af04521261' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-collection_literals-1.0.3-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : rust-collection_literals
Product : Fedora 41
Version : 1.0.3
Release : 1.fc41
URL : https://crates.io/crates/collection_literals
Summary : Easy-to-use macros for initializing any collection
Description :
Easy-to-use macros for initializing any collection.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 1 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.0.3-1
- Update to version 1.0.3; Fixes RHBZ#2400587
- Upstream now provides a LICENSE file
* Mon Sep 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.0.2-1
- Initial package (close RHBZ#2398064)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-manyhow-0.11.4-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : rust-manyhow
Product : Fedora 41
Version : 0.11.4
Release : 1.fc41
URL : https://crates.io/crates/manyhow
Summary : Proc macro error handling ?? la anyhow x proc-macro-error
Description :
Proc macro error handling ?? la anyhow x proc-macro-error.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 4 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.4-1
- Initial package (close RHBZ#2398062)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: rust-attribute-derive-macro-0.10.5-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : rust-attribute-derive-macro
Product : Fedora 41
Version : 0.10.5
Release : 1.fc41
URL : https://crates.io/crates/attribute-derive-macro
Summary : Clap for proc macro attributes
Description :
Clap for proc macro attributes.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 11 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.5-1
- Initial package (close RHBZ#2398120)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-quote-use-0.8.4-2.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : rust-quote-use
Product : Fedora 41
Version : 0.8.4
Release : 2.fc41
URL : https://crates.io/crates/quote-use
Summary : Support use in procmacros hygienically
Description :
Support `use` in procmacros hygienically.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 7 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.4-2
- Omit several unused dev-dependencies
* Sat Oct 4 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.4-1
- Initial package (close RHBZ#2398057)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-manyhow-macros-0.11.4-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : rust-manyhow-macros
Product : Fedora 41
Version : 0.11.4
Release : 1.fc41
URL : https://crates.io/crates/manyhow-macros
Summary : Macro for manyhow
Description :
Macro for manyhow.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.4-1
- Initial package (close RHBZ#2398059)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-get-size2-0.7.0-2.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : rust-get-size2
Product : Fedora 41
Version : 0.7.0
Release : 2.fc41
URL : https://crates.io/crates/get-size2
Summary : Determine the size in bytes an object occupies inside RAM
Description :
Determine the size in bytes an object occupies inside RAM.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 20 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.0-2
- Add missing rust2rpm.toml file
* Mon Oct 20 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.0-1
- Initial package (close RHBZ#2398235)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-get-size-derive2-0.7.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : rust-get-size-derive2
Product : Fedora 41
Version : 0.7.0
Release : 1.fc41
URL : https://crates.io/crates/get-size-derive2
Summary : Derives the GetSize trait
Description :
Derives the GetSize trait.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 20 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.0-1
- Initial package (close RHBZ#2398141)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: python-uv-build-0.9.5-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : python-uv-build
Product : Fedora 41
Version : 0.9.5
Release : 1.fc41
URL : https://pypi.org/project/uv-build
Summary : The uv build backend
Description :
This package is a slimmed down version of uv containing only the build
backend.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.5-1
- Update to 0.9.5 (close RHBZ#2402881)
* Fri Oct 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.4-1
- Update to 0.9.4
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.3-1
- Update to 0.9.3
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.2-1
- Update to 0.9.2
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.1-1
- Update to 0.9.1
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.0-1
- Update to 0.9.0
* Wed Oct 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.24-1
- Update to 0.8.24
* Wed Oct 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.23-1
- Update to 0.8.23
* Wed Oct 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.22-1
- Update to 0.8.22
* Wed Oct 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.21-1
- Update to 0.8.21
* Mon Sep 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.20-1
- Update to 0.8.20 (close RHBZ#2389312)
* Mon Sep 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.19-1
- Update to 0.8.19
* Mon Sep 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.18-1
- Update to 0.8.18
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.17-1
- Update to 0.8.17
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.16-1
- Update to 0.8.16
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.15-1
- Update to 0.8.15
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.14-1
- Update to 0.8.14
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.13-1
- Update to 0.8.13
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.12-1
- Update to 0.8.12
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.11-4
- Use the bundled reqwest-middleware, too
* Fri Sep 19 2025 Python Maint - 0.8.11-3
- Rebuilt for Python 3.14.0rc3 bytecode
* Tue Sep 2 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.11-2
- Rebuilt with rust-tracing-subscriber-0.3.20
- Fixes CVE-2025-58160: fixes RHBZ#2392055, fixes RHBZ#2392012, fixes
RHBZ#2391975
* Sat Aug 16 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.11-1
- Update to 0.8.11 (close RHBZ#2388438)
* Sat Aug 16 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.10-1
- Update to 0.8.10
* Fri Aug 15 2025 Python Maint - 0.8.9-2
- Rebuilt for Python 3.14.0rc2 bytecode
* Wed Aug 13 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.9-1
- Update to 0.8.9 (close RHBZ#2387765)
* Sat Aug 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.8-1
- Update to 0.8.8 (close RHBZ#2387092)
* Sat Aug 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.7-1
- Update to 0.8.7
* Sat Aug 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.6-1
- Update to 0.8.6
* Wed Aug 6 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.5-1
- Update to 0.8.5 (close RHBZ#2386645)
* Thu Jul 31 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.4-1
- Update to 0.8.4 (close RHBZ#2381737)
* Thu Jul 31 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.3-1
- Update to 0.8.3
* Tue Jul 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.2-1
- Update to 0.8.2
* Tue Jul 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.1-1
- Update to 0.8.1
* Tue Jul 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.0-1
- Update to 0.8.0
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.7.22-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sat Jul 19 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.22-1
- Update to 0.7.22
* Tue Jul 15 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.21-1
- Update to 0.7.21 (close RHBZ#2379123)
* Thu Jul 10 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.20-1
- Update to 0.7.20 (close RHBZ#2379145)
* Tue Jul 8 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.19-1
- Update to 0.7.19 (close RHBZ#2375432)
* Tue Jul 8 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.18-1
- Update to 0.7.18
* Tue Jul 8 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.17-1
- Update to 0.7.17
* Sat Jun 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.16-1
- Update to 0.7.16 (close RHBZ#2374368)
* Sat Jun 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.15-1
- Update to 0.7.15
* Thu Jun 26 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.14-1
- Update to 0.7.14
* Thu Jun 26 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.13-2
- Correctly patch out foreign deps. in bundled crates
* Fri Jun 13 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.13-1
- Update to 0.7.13 (close RHBZ#2372600)
* Mon Jun 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.12-1
- Update to 0.7.12 (close RHBZ#2370052)
* Mon Jun 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.11-1
- Update to 0.7.11
* Mon Jun 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.10-1
- Update to 0.7.10
* Tue Jun 3 2025 Python Maint - 0.7.9-2
- Rebuilt for Python 3.14
* Sat May 31 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.9-1
- Update to 0.7.9 (close RHBZ#2369520)
* Sun May 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.8-1
- Update to 0.7.8 (close RHBZ#2368082)
* Tue May 20 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.6-1
- Update to 0.7.6 (close RHBZ#2367412)
* Sat May 17 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.5-1
- Update to 0.7.5 (close RHBZ#2362369)
* Sat May 17 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.4-1
- Update to 0.7.4
* Fri May 16 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.3-1
- Update to 0.7.3
* Fri May 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.2-1
- Update to 0.7.2
* Fri May 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.1-1
- Update to 0.7.1
* Fri May 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.0-1
- Update to 0.7.0
* Fri May 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.17-2
- F41+: Use the provisional pyproject declarative buildsystem
* Mon May 5 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.17-1
- Update to 0.6.17
* Fri Apr 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.16-3
- Fix a typo in the LICENSE expression (missing AND)
* Fri Apr 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.16-2
- Update ron to 0.10
* Tue Apr 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.16-1
- Update to 0.6.16 (close RHBZ#2361554)
- Update the License expression, primarily due to rust-idna 1.x
* Sat Apr 12 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.14-2
- Patch bundled pubgrub/version-ranges fork for ron 0.9.0 final
* Thu Apr 10 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.14-1
- Update to 0.6.14 (close RHBZ#2358749)
* Tue Apr 8 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.13-1
- Update to 0.6.13 (close RHBZ#2358054)
* Sat Apr 5 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.12-2
- Let LICENSE.dependencies be installed in the .dist-info
* Fri Apr 4 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.12-1
- Initial package (close RHBZ#2357473)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 43 Update: Thunar-4.20.6-1.fc43
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7a1a0e5bd8
2025-11-03 01:37:06.585272+00:00
--------------------------------------------------------------------------------
Name : Thunar
Product : Fedora 43
Version : 4.20.6
Release : 1.fc43
URL : http://thunar.xfce.org/
Summary : Thunar File Manager
Description :
Thunar is a new modern file manager for the Xfce Desktop Environment. It has
been designed from the ground up to be fast and easy-to-use. Its user interface
is clean and intuitive, and does not include any confusing or useless options.
Thunar is fast and responsive with a good start up time and directory load time.
--------------------------------------------------------------------------------
Update Information:
Update to 4.20.6, the latest stable bugfix release.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 25 2025 Kevin Fenzi [kevin@scrye.com] - 4.20.6-1
- Update to 4.20.6. Fixes rhbz#2406294
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2406294 - Thunar 4.20.6 is available! Fedora's Thunar is significantly out of date
https://bugzilla.redhat.com/show_bug.cgi?id=2406294
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7a1a0e5bd8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-attribute-derive-0.10.5-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : rust-attribute-derive
Product : Fedora 41
Version : 0.10.5
Release : 1.fc41
URL : https://crates.io/crates/attribute-derive
Summary : Clap like parsing for attributes in proc-macros
Description :
Clap like parsing for attributes in proc-macros.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 15 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.5-1
- Initial package (close RHBZ#2398133)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-astral-tokio-tar-0.5.6-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : rust-astral-tokio-tar
Product : Fedora 41
Version : 0.5.6
Release : 1.fc41
URL : https://crates.io/crates/astral-tokio-tar
Summary : Rust implementation of an async TAR file reader and writer
Description :
A Rust implementation of an async TAR file reader and writer. This
library does not currently handle compression, but it is abstract over
all I/O readers and writers. Additionally, great lengths are taken to
ensure that the entire contents are never required to be entirely
resident in memory all at once.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 21 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.5.6-1
- Update to version 0.5.6; Fixes RHBZ#2405351
- Security fix for CVE-2025-62518
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-backon-1.6.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : rust-backon
Product : Fedora 41
Version : 1.6.0
Release : 1.fc41
URL : https://crates.io/crates/backon
Summary : Make retry like a built-in feature provided by Rust
Description :
Make retry like a built-in feature provided by Rust.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 20 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.6.0-1
- Update to version 1.6.0; Fixes RHBZ#2404917
* Thu Aug 21 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.5.2-2
- Drop unnecessary sqlx dev-dependency
* Wed Jul 30 2025 Fabio Valentini [decathorpe@gmail.com] - 1.5.2-1
- Update to version 1.5.2; Fixes RHBZ#2384769
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 1.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Thu Jun 19 2025 Fabio Valentini [decathorpe@gmail.com] - 1.5.1-1
- Update to version 1.5.1
* Wed Apr 23 2025 Fabio Valentini [decathorpe@gmail.com] - 1.5.0-3
- Drop WASM-specific features
* Tue Apr 22 2025 Fabio Valentini [decathorpe@gmail.com] - 1.5.0-2
- Fix invalid rust2rpm.toml, regenerate spec, relax spin dependency
* Sun Apr 20 2025 Andreas Schneider [asn@redhat.com] - 1.5.0-1
- New package version 1.5.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: ruff-0.14.2-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : ruff
Product : Fedora 41
Version : 0.14.2
Release : 1.fc41
URL : https://github.com/astral-sh/ruff
Summary : Extremely fast Python linter and code formatter
Description :
An extremely fast Python linter and code formatter, written in Rust.
Ruff aims to be orders of magnitude faster than alternative tools while
integrating more functionality behind a single, common interface.
Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort,
pydocstyle, pyupgrade, autoflake, and more, all while executing tens or
hundreds of times faster than any individual tool.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.14.2-1
- Update to version 0.14.2; Fixes RHBZ#2406135
* Wed Oct 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.14.1-2
- Double _smp_tasksize_proc again
- Builds for F41 were failing consistently on s390x
* Mon Oct 20 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.14.1-1
- Update to 0.14.1 (close RHBZ#2360699)
* Mon Oct 20 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.14.0-2
- Skip salsa???s execute_cancellation tests on all architectures
* Mon Oct 20 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.14.0-1
- Update to 0.14.0
* Mon Oct 20 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.13.3-1
- Update to 0.13.3
* Mon Oct 20 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.13.2-1
- Update to 0.13.2
* Thu Oct 16 2025 Gordon Messmer [gordon.messmer@gmail.com] - 0.12.1-2
- Use rpm's native resource tunable to limit parallelism.
* Wed Sep 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.12.1-1
- Update to 0.12.1
* Wed Sep 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.12.0-1
- Update to 0.12.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: openapi-python-client-0.24.3-2.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : openapi-python-client
Product : Fedora 41
Version : 0.24.3
Release : 2.fc41
URL : https://github.com/openapi-generators/openapi-python-client
Summary : Generate modern Python clients from OpenAPI
Description :
The openapi-python-client is a powerful tool designed to generate
modern Python clients from OpenAPI 3.0+ documents supporting both
synchronous and asynchronous HTTP requests. It automates the creation of
Python classes and methods that correspond to the endpoints and schema
defined in your OpenAPI specification, making it easier to interact with
your API in a type-safe manner.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 21 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.24.3-2
- Allow ruff 0.14
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: samba-4.22.6-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7d890563f6
2025-11-03 01:05:58.219447+00:00
--------------------------------------------------------------------------------
Name : samba
Product : Fedora 42
Version : 4.22.6
Release : 1.fc42
URL : https://www.samba.org
Summary : Server and Client software to interoperate with Windows machines
Description :
Samba is the standard Windows interoperability suite of programs for Linux and
Unix.
--------------------------------------------------------------------------------
Update Information:
Update to Samba 4.22.6 - Security fix for CVE-2025-9640 and CVE-2025-10230
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2025 G??nther Deschner [gd@samba.org] - 2:4.22.6-1
- Update to Samba 4.22.6
* Fri Oct 17 2025 G??nther Deschner [gd@samba.org] - 2:4.22.5-1
- Update to Samba 4.22.5
- resolves: rhbz#2391698 - Security fix for CVE-2025-9640
- resolves: rhbz#2394377 - Security fix for CVE-2025-10230
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2391698 - CVE-2025-9640 samba: vfs_streams_xattr uninitialized memory write possible
https://bugzilla.redhat.com/show_bug.cgi?id=2391698
[ 2 ] Bug #2394377 - CVE-2025-10230 samba: Command Injection in WINS Server Hook Script
https://bugzilla.redhat.com/show_bug.cgi?id=2394377
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7d890563f6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: uv-0.9.5-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : uv
Product : Fedora 42
Version : 0.9.5
Release : 1.fc42
URL : https://github.com/astral-sh/uv
Summary : An extremely fast Python package installer and resolver, written in Rust
Description :
An extremely fast Python package installer and resolver, written in Rust.
Designed as a drop-in replacement for common pip and pip-tools workflows.
Highlights:
??? ?????? Drop-in replacement for common pip, pip-tools, and virtualenv commands.
??? ?????? 10-100x faster than pip and pip-tools (pip-compile and pip-sync).
??? ???? Disk-space efficient, with a global cache for dependency deduplication.
??? ???? Installable via curl, pip, pipx, etc. uv is a static binary that can be
installed without Rust or Python.
??? ???? Tested at-scale against the top 10,000 PyPI packages.
??? ??????? Support for macOS, Linux, and Windows.
??? ???? Advanced features such as dependency version overrides and alternative
resolution strategies.
??? ?????? Best-in-class error messages with a conflict-tracking resolver.
??? ???? Support for a wide range of advanced pip features, including editable
installs, Git dependencies, direct URL dependencies, local dependencies,
constraints, source distributions, HTML and JSON indexes, and more.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.5-1
- Update to 0.9.5 (close RHBZ#2402923)
* Fri Oct 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.4-1
- Update to 0.9.4
* Fri Oct 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.3-1
- Update to 0.9.3
* Fri Oct 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.2-1
- Update to 0.9.2
* Fri Oct 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.1-1
- Update to 0.9.1
* Fri Oct 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.0-1
- Update to 0.9.0
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.24-4
- Try to work around ???too many open files??? on 192-core builders
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.24-3
- Revert "Allow hashbrown 0.15 (for EPEL10.1)"
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.24-2
- Allow hashbrown 0.15 (for EPEL10.1)
* Wed Oct 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.24-1
- Update to 0.8.24
* Wed Oct 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.23-1
- Update to 0.8.23
* Wed Oct 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.22-1
- Update to 0.8.22
* Wed Oct 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.21-1
- Update to 0.8.21
* Thu Oct 16 2025 Gordon Messmer [gordon.messmer@gmail.com] - 0.8.20-2
- Use rpm's native resource tunable to limit parallelism.
* Mon Sep 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.20-1
- Update to 0.8.20 (close RHBZ#2389326)
* Mon Sep 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.19-1
- Update to 0.8.19
* Mon Sep 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.18-1
- Update to 0.8.18
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.17-1
- Update to 0.8.17
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.16-1
- Update to 0.8.16
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.15-1
- Update to 0.8.15
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.14-1
- Update to 0.8.14
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.13-1
- Update to 0.8.13
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.12-1
- Update to 0.8.12
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.11-5
- Use the bundled reqwest-middleware, too
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: rust-tikv-jemallocator-0.6.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : rust-tikv-jemallocator
Product : Fedora 42
Version : 0.6.1
Release : 1.fc42
URL : https://crates.io/crates/tikv-jemallocator
Summary : Rust allocator backed by jemalloc
Description :
A Rust allocator backed by jemalloc.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.1-1
- Update to version 0.6.1; Fixes RHBZ#2404523
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-reqsign-http-send-reqwest-2.0.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign-http-send-reqwest
Product : Fedora 42
Version : 2.0.0
Release : 1.fc42
URL : https://crates.io/crates/reqsign-http-send-reqwest
Summary : Reqwest-based HTTP client implementation for reqsign
Description :
Reqwest-based HTTP client implementation for reqsign.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.0-1
- Update to version 2.0.0; Fixes RHBZ#2402443
* Thu Oct 2 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.0.0-1
- Initial package (close RHBZ#2400100)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-tikv-jemalloc-sys-0.6.1-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : rust-tikv-jemalloc-sys
Product : Fedora 42
Version : 0.6.1
Release : 1.fc42
URL : https://crates.io/crates/tikv-jemalloc-sys
Summary : Rust FFI bindings to jemalloc
Description :
Rust FFI bindings to jemalloc.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.1-1
- Update to version 0.6.1
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-reqsign-file-read-tokio-2.0.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign-file-read-tokio
Product : Fedora 42
Version : 2.0.0
Release : 1.fc42
URL : https://crates.io/crates/reqsign-file-read-tokio
Summary : Tokio-based file reader implementation for reqsign
Description :
Tokio-based file reader implementation for reqsign.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.0-1
- Update to version 2.0.0
* Wed Oct 8 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.0.0-1
- Initial package (close RHBZ#2400101)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-reqsign-core-2.0.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign-core
Product : Fedora 42
Version : 2.0.0
Release : 1.fc42
URL : https://crates.io/crates/reqsign-core
Summary : Signing API requests without effort
Description :
Signing API requests without effort.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.0-1
- Update to version 2.0.0; Fixes RHBZ#2402441
* Tue Sep 30 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.0.0-1
- Initial package (close RHBZ#2400096)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-reqsign-command-execute-tokio-2.0.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign-command-execute-tokio
Product : Fedora 42
Version : 2.0.0
Release : 1.fc42
URL : https://crates.io/crates/reqsign-command-execute-tokio
Summary : Tokio-based command execution implementation for reqsign
Description :
Tokio-based command execution implementation for reqsign.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.0-1
- Update to version 2.0.0; Fixes RHBZ#2402442
* Thu Oct 2 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.0.0-1
- Initial package (close RHBZ#2400111)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-collection_literals-1.0.3-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : rust-collection_literals
Product : Fedora 42
Version : 1.0.3
Release : 1.fc42
URL : https://crates.io/crates/collection_literals
Summary : Easy-to-use macros for initializing any collection
Description :
Easy-to-use macros for initializing any collection.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 1 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.0.3-1
- Update to version 1.0.3; Fixes RHBZ#2400587
- Upstream now provides a LICENSE file
* Mon Sep 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.0.2-1
- Initial package (close RHBZ#2398064)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-quote-use-macros-0.8.4-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : rust-quote-use-macros
Product : Fedora 42
Version : 0.8.4
Release : 1.fc42
URL : https://crates.io/crates/quote-use-macros
Summary : Support use in procmacros hygienically
Description :
Support `use` in procmacros hygienically.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.4-1
- Initial package (close RHBZ#2398054)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-reqsign-aws-v4-2.0.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign-aws-v4
Product : Fedora 42
Version : 2.0.0
Release : 1.fc42
URL : https://crates.io/crates/reqsign-aws-v4
Summary : AWS SigV4 signing implementation for reqsign
Description :
AWS SigV4 signing implementation for reqsign.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.0-1
- Update to version 2.0.0
* Sat Oct 11 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.0.0-1
- Initial package (close RHBZ#2400195)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-interpolator-0.5.0-3.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : rust-interpolator
Product : Fedora 42
Version : 0.5.0
Release : 3.fc42
URL : https://crates.io/crates/interpolator
Summary : Runtime format strings, fully compatible with std's macros
Description :
Runtime format strings, fully compatible with std's macros.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 4 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.5.0-3
- Omit some unnecessary dev-dependencies
* Sat Oct 4 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.5.0-2
- No longer allow proptest-derive 0.5
* Thu Oct 2 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.5.0-1
- Initial package (close RHBZ#2398112)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-reqsign-0.18.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign
Product : Fedora 42
Version : 0.18.0
Release : 1.fc42
URL : https://crates.io/crates/reqsign
Summary : Signing HTTP requests for popular cloud services
Description :
Signing HTTP requests for AWS, Azure, Google, Huawei, Aliyun, Tencent
and Oracle services.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.18.0-1
- Update to version 0.18.0
* Wed Oct 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.17.0-1
- Initial package (close RHBZ#2400218)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-manyhow-0.11.4-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : rust-manyhow
Product : Fedora 42
Version : 0.11.4
Release : 1.fc42
URL : https://crates.io/crates/manyhow
Summary : Proc macro error handling ?? la anyhow x proc-macro-error
Description :
Proc macro error handling ?? la anyhow x proc-macro-error.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 4 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.4-1
- Initial package (close RHBZ#2398062)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: rust-manyhow-macros-0.11.4-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : rust-manyhow-macros
Product : Fedora 42
Version : 0.11.4
Release : 1.fc42
URL : https://crates.io/crates/manyhow-macros
Summary : Macro for manyhow
Description :
Macro for manyhow.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.11.4-1
- Initial package (close RHBZ#2398059)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-quote-use-0.8.4-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : rust-quote-use
Product : Fedora 42
Version : 0.8.4
Release : 2.fc42
URL : https://crates.io/crates/quote-use
Summary : Support use in procmacros hygienically
Description :
Support `use` in procmacros hygienically.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 7 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.4-2
- Omit several unused dev-dependencies
* Sat Oct 4 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.4-1
- Initial package (close RHBZ#2398057)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-get-size-derive2-0.7.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : rust-get-size-derive2
Product : Fedora 42
Version : 0.7.0
Release : 1.fc42
URL : https://crates.io/crates/get-size-derive2
Summary : Derives the GetSize trait
Description :
Derives the GetSize trait.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 20 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.0-1
- Initial package (close RHBZ#2398141)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-get-size2-0.7.0-2.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : rust-get-size2
Product : Fedora 42
Version : 0.7.0
Release : 2.fc42
URL : https://crates.io/crates/get-size2
Summary : Determine the size in bytes an object occupies inside RAM
Description :
Determine the size in bytes an object occupies inside RAM.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 20 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.0-2
- Add missing rust2rpm.toml file
* Mon Oct 20 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.0-1
- Initial package (close RHBZ#2398235)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-proc-macro-utils-0.10.0-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : rust-proc-macro-utils
Product : Fedora 42
Version : 0.10.0
Release : 1.fc42
URL : https://crates.io/crates/proc-macro-utils
Summary : Low-level utilities on proc-macro and proc-macro2 types
Description :
Low-level utilities on proc-macro and proc-macro2 types.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.0-1
- Initial package (close RHBZ#2398050)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-astral-tokio-tar-0.5.6-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : rust-astral-tokio-tar
Product : Fedora 42
Version : 0.5.6
Release : 1.fc42
URL : https://crates.io/crates/astral-tokio-tar
Summary : Rust implementation of an async TAR file reader and writer
Description :
A Rust implementation of an async TAR file reader and writer. This
library does not currently handle compression, but it is abstract over
all I/O readers and writers. Additionally, great lengths are taken to
ensure that the entire contents are never required to be entirely
resident in memory all at once.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 21 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.5.6-1
- Update to version 0.5.6; Fixes RHBZ#2405351
- Security fix for CVE-2025-62518
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: rust-attribute-derive-macro-0.10.5-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : rust-attribute-derive-macro
Product : Fedora 42
Version : 0.10.5
Release : 1.fc42
URL : https://crates.io/crates/attribute-derive-macro
Summary : Clap for proc macro attributes
Description :
Clap for proc macro attributes.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 11 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.5-1
- Initial package (close RHBZ#2398120)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: python-uv-build-0.9.5-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : python-uv-build
Product : Fedora 42
Version : 0.9.5
Release : 1.fc42
URL : https://pypi.org/project/uv-build
Summary : The uv build backend
Description :
This package is a slimmed down version of uv containing only the build
backend.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.5-1
- Update to 0.9.5 (close RHBZ#2402881)
* Fri Oct 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.4-1
- Update to 0.9.4
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.3-1
- Update to 0.9.3
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.2-1
- Update to 0.9.2
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.1-1
- Update to 0.9.1
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.0-1
- Update to 0.9.0
* Wed Oct 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.24-1
- Update to 0.8.24
* Wed Oct 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.23-1
- Update to 0.8.23
* Wed Oct 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.22-1
- Update to 0.8.22
* Wed Oct 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.21-1
- Update to 0.8.21
* Mon Sep 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.20-1
- Update to 0.8.20 (close RHBZ#2389312)
* Mon Sep 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.19-1
- Update to 0.8.19
* Mon Sep 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.18-1
- Update to 0.8.18
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.17-1
- Update to 0.8.17
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.16-1
- Update to 0.8.16
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.15-1
- Update to 0.8.15
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.14-1
- Update to 0.8.14
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.13-1
- Update to 0.8.13
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.12-1
- Update to 0.8.12
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.11-4
- Use the bundled reqwest-middleware, too
* Fri Sep 19 2025 Python Maint - 0.8.11-3
- Rebuilt for Python 3.14.0rc3 bytecode
* Tue Sep 2 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.11-2
- Rebuilt with rust-tracing-subscriber-0.3.20
- Fixes CVE-2025-58160: fixes RHBZ#2392055, fixes RHBZ#2392012, fixes
RHBZ#2391975
* Sat Aug 16 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.11-1
- Update to 0.8.11 (close RHBZ#2388438)
* Sat Aug 16 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.10-1
- Update to 0.8.10
* Fri Aug 15 2025 Python Maint - 0.8.9-2
- Rebuilt for Python 3.14.0rc2 bytecode
* Wed Aug 13 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.9-1
- Update to 0.8.9 (close RHBZ#2387765)
* Sat Aug 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.8-1
- Update to 0.8.8 (close RHBZ#2387092)
* Sat Aug 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.7-1
- Update to 0.8.7
* Sat Aug 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.6-1
- Update to 0.8.6
* Wed Aug 6 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.5-1
- Update to 0.8.5 (close RHBZ#2386645)
* Thu Jul 31 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.4-1
- Update to 0.8.4 (close RHBZ#2381737)
* Thu Jul 31 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.3-1
- Update to 0.8.3
* Tue Jul 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.2-1
- Update to 0.8.2
* Tue Jul 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.1-1
- Update to 0.8.1
* Tue Jul 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.0-1
- Update to 0.8.0
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.7.22-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sat Jul 19 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.22-1
- Update to 0.7.22
* Tue Jul 15 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.21-1
- Update to 0.7.21 (close RHBZ#2379123)
* Thu Jul 10 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.20-1
- Update to 0.7.20 (close RHBZ#2379145)
* Tue Jul 8 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.19-1
- Update to 0.7.19 (close RHBZ#2375432)
* Tue Jul 8 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.18-1
- Update to 0.7.18
* Tue Jul 8 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.17-1
- Update to 0.7.17
* Sat Jun 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.16-1
- Update to 0.7.16 (close RHBZ#2374368)
* Sat Jun 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.15-1
- Update to 0.7.15
* Thu Jun 26 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.14-1
- Update to 0.7.14
* Thu Jun 26 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.13-2
- Correctly patch out foreign deps. in bundled crates
* Fri Jun 13 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.13-1
- Update to 0.7.13 (close RHBZ#2372600)
* Mon Jun 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.12-1
- Update to 0.7.12 (close RHBZ#2370052)
* Mon Jun 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.11-1
- Update to 0.7.11
* Mon Jun 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.10-1
- Update to 0.7.10
* Tue Jun 3 2025 Python Maint - 0.7.9-2
- Rebuilt for Python 3.14
* Sat May 31 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.9-1
- Update to 0.7.9 (close RHBZ#2369520)
* Sun May 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.8-1
- Update to 0.7.8 (close RHBZ#2368082)
* Tue May 20 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.6-1
- Update to 0.7.6 (close RHBZ#2367412)
* Sat May 17 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.5-1
- Update to 0.7.5 (close RHBZ#2362369)
* Sat May 17 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.4-1
- Update to 0.7.4
* Fri May 16 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.3-1
- Update to 0.7.3
* Fri May 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.2-1
- Update to 0.7.2
* Fri May 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.1-1
- Update to 0.7.1
* Fri May 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.7.0-1
- Update to 0.7.0
* Fri May 9 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.17-2
- F41+: Use the provisional pyproject declarative buildsystem
* Mon May 5 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.17-1
- Update to 0.6.17
* Fri Apr 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.16-3
- Fix a typo in the LICENSE expression (missing AND)
* Fri Apr 25 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.16-2
- Update ron to 0.10
* Tue Apr 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.16-1
- Update to 0.6.16 (close RHBZ#2361554)
- Update the License expression, primarily due to rust-idna 1.x
* Sat Apr 12 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.14-2
- Patch bundled pubgrub/version-ranges fork for ron 0.9.0 final
* Thu Apr 10 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.14-1
- Update to 0.6.14 (close RHBZ#2358749)
* Tue Apr 8 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.13-1
- Update to 0.6.13 (close RHBZ#2358054)
* Sat Apr 5 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.12-2
- Let LICENSE.dependencies be installed in the .dist-info
* Fri Apr 4 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.12-1
- Initial package (close RHBZ#2357473)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: ruff-0.14.2-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : ruff
Product : Fedora 42
Version : 0.14.2
Release : 1.fc42
URL : https://github.com/astral-sh/ruff
Summary : Extremely fast Python linter and code formatter
Description :
An extremely fast Python linter and code formatter, written in Rust.
Ruff aims to be orders of magnitude faster than alternative tools while
integrating more functionality behind a single, common interface.
Ruff can be used to replace Flake8 (plus dozens of plugins), Black, isort,
pydocstyle, pyupgrade, autoflake, and more, all while executing tens or
hundreds of times faster than any individual tool.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.14.2-1
- Update to version 0.14.2; Fixes RHBZ#2406135
* Wed Oct 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.14.1-2
- Double _smp_tasksize_proc again
- Builds for F41 were failing consistently on s390x
* Mon Oct 20 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.14.1-1
- Update to 0.14.1 (close RHBZ#2360699)
* Mon Oct 20 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.14.0-2
- Skip salsa???s execute_cancellation tests on all architectures
* Mon Oct 20 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.14.0-1
- Update to 0.14.0
* Mon Oct 20 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.13.3-1
- Update to 0.13.3
* Mon Oct 20 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.13.2-1
- Update to 0.13.2
* Thu Oct 16 2025 Gordon Messmer [gordon.messmer@gmail.com] - 0.12.1-2
- Use rpm's native resource tunable to limit parallelism.
* Wed Sep 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.12.1-1
- Update to 0.12.1
* Wed Sep 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.12.0-1
- Update to 0.12.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 42 Update: rust-attribute-derive-0.10.5-1.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : rust-attribute-derive
Product : Fedora 42
Version : 0.10.5
Release : 1.fc42
URL : https://crates.io/crates/attribute-derive
Summary : Clap like parsing for attributes in proc-macros
Description :
Clap like parsing for attributes in proc-macros.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 15 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.5-1
- Initial package (close RHBZ#2398133)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 42 Update: openapi-python-client-0.26.2-4.fc42
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-a77c1f005b
2025-11-03 01:05:58.219415+00:00
--------------------------------------------------------------------------------
Name : openapi-python-client
Product : Fedora 42
Version : 0.26.2
Release : 4.fc42
URL : https://github.com/openapi-generators/openapi-python-client
Summary : Generate modern Python clients from OpenAPI
Description :
The openapi-python-client is a powerful tool designed to generate
modern Python clients from OpenAPI 3.0+ documents supporting both
synchronous and asynchronous HTTP requests. It automates the creation of
Python classes and methods that correspond to the endpoints and schema
defined in your OpenAPI specification, making it easier to interact with
your API in a type-safe manner.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1
Update openapi-python-client to 0.26.2 and patch it to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 21 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.26.2-4
- Allow typer 0.20
* Tue Oct 21 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.26.2-3
- Allow ruff 0.14
* Sat Oct 18 2025 Do??ukan ??a??atay [dogukan.cagatay@aiven.io] - 0.26.2-2
- Update checksum for openapi-python-client version 0.26.2
* Sat Oct 18 2025 Do??ukan ??a??atay [dogukan.cagatay@aiven.io] - 0.26.2-1
- Update openapi-python-client to 0.26.2
- Bump version from 0.26.1 to 0.26.2 in spec file
- Update man page to version 0.26.2
- Remove allow-typer-0.19.patch (no longer needed with 0.26.2)
- Remove %bcond tests 1 and conditional test execution
* Wed Oct 1 2025 Do??ukan ??a??atay [dogukan.cagatay@aiven.io] - 0.26.1-1
- Update version 0.26.1
- Update upstream version 0.26.1
- Delete old patch for the fix of the CLI tests fix-test-cli-1309.patch
- Update allow-typer-0.19.patch
* Sat Sep 20 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.26.0-5
- Allow typer 0.19
* Sat Sep 20 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.26.0-4
- Allow typer 0.18
* Fri Sep 19 2025 Python Maint - 0.26.0-3
- Rebuilt for Python 3.14.0rc3 bytecode
* Sun Aug 31 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.26.0-2
- Allow typer 0.17
* Sat Aug 30 2025 Do??ukan ??a??atay [dogukan.cagatay@aiven.io] - 0.26.0-1
- Update version 0.26.0
- Update upstream version 0.26.0
- Add patch for the fix of the CLI tests fix-test-cli-1309.patch
- Delete old patch openapi-python-client-0.24.3-typer-0.16.patch
* Fri Aug 15 2025 Python Maint - 0.24.3-5
- Rebuilt for Python 3.14.0rc2 bytecode
* Thu Jul 24 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.24.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Sun Jun 22 2025 Python Maint - 0.24.3-3
- Rebuilt for Python 3.14
* Tue May 27 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.24.3-2
- Allow typer 0.16
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405474 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405474
[ 8 ] Bug #2405476 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-42]
https://bugzilla.redhat.com/show_bug.cgi?id=2405476
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-a77c1f005b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: uv-0.9.5-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : uv
Product : Fedora 41
Version : 0.9.5
Release : 1.fc41
URL : https://github.com/astral-sh/uv
Summary : An extremely fast Python package installer and resolver, written in Rust
Description :
An extremely fast Python package installer and resolver, written in Rust.
Designed as a drop-in replacement for common pip and pip-tools workflows.
Highlights:
??? ?????? Drop-in replacement for common pip, pip-tools, and virtualenv commands.
??? ?????? 10-100x faster than pip and pip-tools (pip-compile and pip-sync).
??? ???? Disk-space efficient, with a global cache for dependency deduplication.
??? ???? Installable via curl, pip, pipx, etc. uv is a static binary that can be
installed without Rust or Python.
??? ???? Tested at-scale against the top 10,000 PyPI packages.
??? ??????? Support for macOS, Linux, and Windows.
??? ???? Advanced features such as dependency version overrides and alternative
resolution strategies.
??? ?????? Best-in-class error messages with a conflict-tracking resolver.
??? ???? Support for a wide range of advanced pip features, including editable
installs, Git dependencies, direct URL dependencies, local dependencies,
constraints, source distributions, HTML and JSON indexes, and more.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.5-1
- Update to 0.9.5 (close RHBZ#2402923)
* Fri Oct 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.4-1
- Update to 0.9.4
* Fri Oct 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.3-1
- Update to 0.9.3
* Fri Oct 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.2-1
- Update to 0.9.2
* Fri Oct 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.1-1
- Update to 0.9.1
* Fri Oct 24 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.9.0-1
- Update to 0.9.0
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.24-4
- Try to work around ???too many open files??? on 192-core builders
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.24-3
- Revert "Allow hashbrown 0.15 (for EPEL10.1)"
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.24-2
- Allow hashbrown 0.15 (for EPEL10.1)
* Wed Oct 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.24-1
- Update to 0.8.24
* Wed Oct 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.23-1
- Update to 0.8.23
* Wed Oct 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.22-1
- Update to 0.8.22
* Wed Oct 22 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.21-1
- Update to 0.8.21
* Thu Oct 16 2025 Gordon Messmer [gordon.messmer@gmail.com] - 0.8.20-2
- Use rpm's native resource tunable to limit parallelism.
* Mon Sep 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.20-1
- Update to 0.8.20 (close RHBZ#2389326)
* Mon Sep 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.19-1
- Update to 0.8.19
* Mon Sep 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.18-1
- Update to 0.8.18
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.17-1
- Update to 0.8.17
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.16-1
- Update to 0.8.16
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.15-1
- Update to 0.8.15
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.14-1
- Update to 0.8.14
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.13-1
- Update to 0.8.13
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.12-1
- Update to 0.8.12
* Sun Sep 28 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.8.11-5
- Use the bundled reqwest-middleware, too
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: rust-tikv-jemallocator-0.6.1-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : rust-tikv-jemallocator
Product : Fedora 41
Version : 0.6.1
Release : 1.fc41
URL : https://crates.io/crates/tikv-jemallocator
Summary : Rust allocator backed by jemalloc
Description :
A Rust allocator backed by jemalloc.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.1-1
- Update to version 0.6.1; Fixes RHBZ#2404523
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-reqsign-http-send-reqwest-2.0.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign-http-send-reqwest
Product : Fedora 41
Version : 2.0.0
Release : 1.fc41
URL : https://crates.io/crates/reqsign-http-send-reqwest
Summary : Reqwest-based HTTP client implementation for reqsign
Description :
Reqwest-based HTTP client implementation for reqsign.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.0-1
- Update to version 2.0.0; Fixes RHBZ#2402443
* Thu Oct 2 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.0.0-1
- Initial package (close RHBZ#2400100)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-reqsign-core-2.0.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign-core
Product : Fedora 41
Version : 2.0.0
Release : 1.fc41
URL : https://crates.io/crates/reqsign-core
Summary : Signing API requests without effort
Description :
Signing API requests without effort.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.0-1
- Update to version 2.0.0; Fixes RHBZ#2402441
* Tue Sep 30 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.0.0-1
- Initial package (close RHBZ#2400096)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-reqsign-file-read-tokio-2.0.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign-file-read-tokio
Product : Fedora 41
Version : 2.0.0
Release : 1.fc41
URL : https://crates.io/crates/reqsign-file-read-tokio
Summary : Tokio-based file reader implementation for reqsign
Description :
Tokio-based file reader implementation for reqsign.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.0-1
- Update to version 2.0.0
* Wed Oct 8 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.0.0-1
- Initial package (close RHBZ#2400101)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-tikv-jemalloc-sys-0.6.1-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : rust-tikv-jemalloc-sys
Product : Fedora 41
Version : 0.6.1
Release : 1.fc41
URL : https://crates.io/crates/tikv-jemalloc-sys
Summary : Rust FFI bindings to jemalloc
Description :
Rust FFI bindings to jemalloc.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.6.1-1
- Update to version 0.6.1
* Fri Jul 25 2025 Fedora Release Engineering [releng@fedoraproject.org] - 0.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-reqsign-aws-v4-2.0.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign-aws-v4
Product : Fedora 41
Version : 2.0.0
Release : 1.fc41
URL : https://crates.io/crates/reqsign-aws-v4
Summary : AWS SigV4 signing implementation for reqsign
Description :
AWS SigV4 signing implementation for reqsign.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.0-1
- Update to version 2.0.0
* Sat Oct 11 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.0.0-1
- Initial package (close RHBZ#2400195)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-reqsign-command-execute-tokio-2.0.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : rust-reqsign-command-execute-tokio
Product : Fedora 41
Version : 2.0.0
Release : 1.fc41
URL : https://crates.io/crates/reqsign-command-execute-tokio
Summary : Tokio-based command execution implementation for reqsign
Description :
Tokio-based command execution implementation for reqsign.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 23 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 2.0.0-1
- Update to version 2.0.0; Fixes RHBZ#2402442
* Thu Oct 2 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 1.0.0-1
- Initial package (close RHBZ#2400111)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: rust-proc-macro-utils-0.10.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-43a0bff5ea
2025-11-03 01:00:54.501352+00:00
--------------------------------------------------------------------------------
Name : rust-proc-macro-utils
Product : Fedora 41
Version : 0.10.0
Release : 1.fc41
URL : https://crates.io/crates/proc-macro-utils
Summary : Low-level utilities on proc-macro and proc-macro2 types
Description :
Low-level utilities on proc-macro and proc-macro2 types.
--------------------------------------------------------------------------------
Update Information:
uv 0.9.5
https://github.com/astral-sh/uv/blob/0.9.5/CHANGELOG.md
Since uv was built with astral-tokio-tar 0.5.6, this is a security fix for
CVE-2025-62518.
ruff 0.14.2
https://github.com/astral-sh/ruff/blob/0.14.2/CHANGELOG.md
rust-astral-tokio-tar 0.5.6
Fixed a parser desynchronization vulnerability when reading tar archives that
contain mismatched size information in PAX/ustar headers.
This vulnerability is being tracked as GHSA-j5gw-2vrg-8fgx
and CVE-2025-62518.
Initial package for python-uv-build in Fedora 42
Initial packages for a number of new dependencies for ruff and uv.
Update rust-tikv-jemallocator and rust-tikv-jemalloc-sys to 0.6.1.
Patch openapi-python-client to allow ruff 0.14
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 29 2025 Benjamin A. Beasley [code@musicinmybrain.net] - 0.10.0-1
- Initial package (close RHBZ#2398050)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2360699 - ruff-0.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2360699
[ 2 ] Bug #2402441 - rust-reqsign-core-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402441
[ 3 ] Bug #2402442 - rust-reqsign-command-execute-tokio-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402442
[ 4 ] Bug #2402443 - rust-reqsign-http-send-reqwest-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402443
[ 5 ] Bug #2402881 - python-uv-build-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402881
[ 6 ] Bug #2402923 - uv-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2402923
[ 7 ] Bug #2405471 - CVE-2025-62518 rust-astral-tokio-tar: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405471
[ 8 ] Bug #2405472 - CVE-2025-62518 uv: astral-tokio-tar Vulnerable to PAX Header Desynchronization [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2405472
[ 9 ] Bug #2406135 - ruff-0.14.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2406135
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-43a0bff5ea' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
