========================================================================== Ubuntu Security Notice USN-8230-1 May 06, 2026 docker.io-app vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in Docker. Software Description: - docker.io-app: Linux container runtime Details: It was discovered that BuildKit, contained within Docker, incorrectly handled file path validation when processing frontend API messages. An attacker could possibly use this issue to write files outside of the intended state directory. (CVE-2026-33747) It was discovered that BuildKit, contained within Docker, incorrectly validated the subdir component of Git URL fragments. An attacker could possibly use this issue to access files outside of the checked-out repository root. (CVE-2026-33748) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS docker.io 29.1.3-0ubuntu4.1 Ubuntu 24.04 LTS docker.io 29.1.3-0ubuntu3~24.04.2 Ubuntu 22.04 LTS docker.io 29.1.3-0ubuntu3~22.04.2 Ubuntu 20.04 LTS docker.io 26.1.3-0ubuntu1~20.04.1+esm2 Available with Ubuntu Pro After a standard system update you need to restart Docker to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8230-1 CVE-2026-33747, CVE-2026-33748 Package Information: https://launchpad.net/ubuntu/+source/docker.io-app/29.1.3-0ubuntu4.1 https://launchpad.net/ubuntu/+source/docker.io-app/29.1.3-0ubuntu3~24.04.2 https://launchpad.net/ubuntu/+source/docker.io-app/29.1.3-0ubuntu3~22.04.2
Tuesday, May 5, 2026
[USN-8234-1] Mako vulnerability
========================================================================== Ubuntu Security Notice USN-8234-1 May 05, 2026 python-mako vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Mako could be made to expose sensitive information over the network. Software Description: - mako: fast and lightweight templating for the Python platform Details: It was discovered that Mako incorrectly handled URIs with double-slash prefixes in TemplateLookup. A remote attacker could possibly use this issue to obtain sensitive information. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS python3-mako 1.3.10-3ubuntu0.1 Ubuntu 25.10 python3-mako 1.3.9-1ubuntu0.1 Ubuntu 24.04 LTS python3-mako 1.3.2-1ubuntu0.1 Ubuntu 22.04 LTS python3-mako 1.1.3+ds1-2ubuntu0.2 Ubuntu 20.04 LTS python-mako 1.1.0+ds1-1ubuntu2.1+esm1 Available with Ubuntu Pro python3-mako 1.1.0+ds1-1ubuntu2.1+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS python-mako 1.0.7+ds1-1ubuntu0.2+esm1 Available with Ubuntu Pro python3-mako 1.0.7+ds1-1ubuntu0.2+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS python-mako 1.0.3+ds1-1ubuntu1+esm2 Available with Ubuntu Pro python3-mako 1.0.3+ds1-1ubuntu1+esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8234-1 CVE-2026-41205 Package Information: https://launchpad.net/ubuntu/+source/mako/1.3.10-3ubuntu0.1 https://launchpad.net/ubuntu/+source/mako/1.3.9-1ubuntu0.1 https://launchpad.net/ubuntu/+source/mako/1.3.2-1ubuntu0.1 https://launchpad.net/ubuntu/+source/mako/1.1.3+ds1-2ubuntu0.2
[USN-8233-1] nghttp2 vulnerability
========================================================================== Ubuntu Security Notice USN-8233-1 May 05, 2026 nghttp2 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: nghttp2 could be made to crash if it received specially crafted network traffic. Software Description: - nghttp2: HTTP/2 C Library and tools Details: Andrew MacPherson discovered that nghttp2 did not properly validate internal state when the session termination API was called. A remote attacker could possibly use this issue to cause nghttp2 to crash, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 libnghttp2-14 1.64.0-1.1ubuntu1.1 nghttp2 1.64.0-1.1ubuntu1.1 Ubuntu 24.04 LTS libnghttp2-14 1.59.0-1ubuntu0.3 nghttp2 1.59.0-1ubuntu0.3 Ubuntu 22.04 LTS libnghttp2-14 1.43.0-1ubuntu0.3 nghttp2 1.43.0-1ubuntu0.3 Ubuntu 20.04 LTS libnghttp2-14 1.40.0-1ubuntu0.3+esm1 Available with Ubuntu Pro nghttp2 1.40.0-1ubuntu0.3+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS libnghttp2-14 1.30.0-1ubuntu1+esm3 Available with Ubuntu Pro nghttp2 1.30.0-1ubuntu1+esm3 Available with Ubuntu Pro Ubuntu 16.04 LTS libnghttp2-14 1.7.1-1ubuntu0.1~esm3 Available with Ubuntu Pro nghttp2 1.7.1-1ubuntu0.1~esm3 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8233-1 CVE-2026-27135 Package Information: https://launchpad.net/ubuntu/+source/nghttp2/1.64.0-1.1ubuntu1.1 https://launchpad.net/ubuntu/+source/nghttp2/1.59.0-1ubuntu0.3 https://launchpad.net/ubuntu/+source/nghttp2/1.43.0-1ubuntu0.3
[USN-8232-1] Django vulnerabilities
========================================================================== Ubuntu Security Notice USN-8232-1 May 05, 2026 python-django vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in Django. Software Description: - python-django: High-level Python web development framework Details: It was discovered that Django did not vary cached response headers on cookies when sessions were not modified while SESSION_SAVE_EVERY_REQUEST was enabled. A remote attacker could possibly use this issue to steal a user's session. (CVE-2026-35192) Kyle Agronick and Jacob Walls discovered that Django incorrectly handled ASGI requests with missing or understated Content-Length header values. A remote attacker could possibly use this issue to cause Django to use excessive resources, leading to a denial of service. (CVE-2026-5766) Ahmad Sadeddin discovered that Django UpdateCacheMiddleware incorrectly cached requests where the Vary header contained an asterisk. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6907) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS python3-django 3:5.2.9-0ubuntu4.1 Ubuntu 25.10 python3-django 3:5.2.4-1ubuntu2.5 Ubuntu 24.04 LTS python3-django 3:4.2.11-1ubuntu1.16 Ubuntu 22.04 LTS python3-django 2:3.2.12-2ubuntu1.27 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8232-1 CVE-2026-35192, CVE-2026-5766, CVE-2026-6907 Package Information: https://launchpad.net/ubuntu/+source/python-django/3:5.2.9-0ubuntu4.1 https://launchpad.net/ubuntu/+source/python-django/3:5.2.4-1ubuntu2.5 https://launchpad.net/ubuntu/+source/python-django/3:4.2.11-1ubuntu1.16 https://launchpad.net/ubuntu/+source/python-django/2:3.2.12-2ubuntu1.27
Inactive packagers removal for F44 cycle
In accordance with FESCo's Inactive Packager Policy[1], a ticket in the fedora-infrastructure repo[2] has been filed asking removal from packagers group of users that have been identified as inactive and not reachable during the F44 development cycle. If you have suggestions for improvement, look for the open feature issues[3] and file an issue in the find-inactive-packagers repo[4] if it's not there already. For the curious, here are the stats from today's run: ### These 109 users didn't reply and are going to be removed from packagers: ### - acardace - admccartney - albertlarsan68 - aligx - alwillia - anushkasrinivasa - aperezbios - appadeia - bdperkin - blowry - branto - bt0dotninja - caleb - cgoncalves - chr77 - danw - dledford - dmach - dmarlin - dsecik - dwilde - ebaron - ecurtin - eharney - emlima - f1ash - green - hony - huwang - iarnell - ichavero - ihrachyshka - ilgrad - ipanova - italomga - izabela - jaltman - jamesread - jasenchao - jbadiapa - jbastian - jdulaney - jdunn - jeffreylauribose - jhuttana - jkastner - jkozol - josef - jshort - jwolfe - karolinku - kengert - kgold - kpvdr - lberk - lcrpkking - leifliddy - leon - liuyang - mairacanal - markmc - mburns72h - mdomsch - mich181189 - mithunveluri - miyunari - mjia - mlysonek - mmaslano - msivak - mtosatti - muneendra - oget - orange-kao - otherwiseguy - patches - pcolberg - pcpa - pcreech17 - pkfed - proski - pulchartj - pvoborni - rdieter - rezso - rhn-mk1 - rjmco - rohanpm - rohara - santiago - schwicke - slagle - slaweq - snits - sohank2602 - souryogurt - stephen144 - stevebake - suanand - tachoknight - ttorling - umohnani - uraeus - vakwetu - vmaljulin - wtogami - xiubli - yalgaer - yarboa ### These 11 users agreed to be removed from packagers: ### ### most common reason: not interested anymore in packaging work ### - bkircher - dfan - dzickus - goldmann - jdeluyck - jkang - kasal - liquidat - madko - mmagr - ondaaak ### These 4 users resumed activity: ### - ankr - jrichardson - rlandmann - tao-j ### Out of 167 tickets opened in first step, 120 users (72%) will be removed from packagers ### [1] https://docs.fedoraproject.org/en-US/fesco/Policy_for_inactive_packagers/ [2] https://pagure.io/fedora-infrastructure/issue/12891 [3] https://pagure.io/find-inactive-packagers/issues?tags=feature [4] https://pagure.io/find-inactive-packagers/new_issue -- _______________________________________________ devel-announce mailing list -- devel-announce@lists.fedoraproject.org To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
Monday, May 4, 2026
[USN-8228-1] Exim vulnerabilities
========================================================================== Ubuntu Security Notice USN-8228-1 May 04, 2026 exim4 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Several security issues were fixed in Exim. Software Description: - exim4: Exim is a mail transport agent Details: It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-40685) It was discovered that Exim incorrectly handled processing of UTF-8 trailing characters. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-40686) It was discovered that Exim incorrectly handled SPA authenticator input. An authenticated user could possibly use this issue to execute arbitrary code. (CVE-2026-40687) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS exim4 4.99.1-1ubuntu1.1 exim4-base 4.99.1-1ubuntu1.1 eximon4 4.99.1-1ubuntu1.1 Ubuntu 25.10 exim4 4.98.2-1ubuntu2.1 exim4-base 4.98.2-1ubuntu2.1 eximon4 4.98.2-1ubuntu2.1 Ubuntu 24.04 LTS exim4 4.97-4ubuntu4.4 exim4-base 4.97-4ubuntu4.4 eximon4 4.97-4ubuntu4.4 Ubuntu 22.04 LTS exim4 4.95-4ubuntu2.7 exim4-base 4.95-4ubuntu2.7 eximon4 4.95-4ubuntu2.7 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8228-1 CVE-2026-40685, CVE-2026-40686, CVE-2026-40687 Package Information: https://launchpad.net/ubuntu/+source/exim4/4.99.1-1ubuntu1.1 https://launchpad.net/ubuntu/+source/exim4/4.98.2-1ubuntu2.1 https://launchpad.net/ubuntu/+source/exim4/4.97-4ubuntu4.4 https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.7
[USN-8227-1] curl vulnerabilities
========================================================================== Ubuntu Security Notice USN-8227-1 May 04, 2026 curl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: curl could be made to expose sensitive information over the network. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-4873) It was discovered that curl incorrectly reused certain HTTP Negotiate connections. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-5545) It was discovered that curl incorrectly reused certain SMB connections. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-5773) It was discovered that curl could leak proxy credentials when handling redirects in some configurations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6253) It was discovered that curl could leak cookies because of stale custom cookie host handling in some requests. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6276) It was discovered that curl could leak .netrc credentials when reusing proxy connections in some situations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-6429) It was discovered that curl could leak Digest authentication state when switching proxies in some situations. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2026-7168) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS curl 8.18.0-1ubuntu2.1 libcurl3t64-gnutls 8.18.0-1ubuntu2.1 libcurl4t64 8.18.0-1ubuntu2.1 Ubuntu 25.10 curl 8.14.1-2ubuntu1.3 libcurl3t64-gnutls 8.14.1-2ubuntu1.3 libcurl4t64 8.14.1-2ubuntu1.3 Ubuntu 24.04 LTS curl 8.5.0-2ubuntu10.9 libcurl3t64-gnutls 8.5.0-2ubuntu10.9 libcurl4t64 8.5.0-2ubuntu10.9 Ubuntu 22.04 LTS curl 7.81.0-1ubuntu1.24 libcurl3-gnutls 7.81.0-1ubuntu1.24 libcurl3-nss 7.81.0-1ubuntu1.24 libcurl4 7.81.0-1ubuntu1.24 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8227-1 CVE-2026-4873, CVE-2026-5545, CVE-2026-5773, CVE-2026-6253, CVE-2026-6276, CVE-2026-6429, CVE-2026-7168 Package Information: https://launchpad.net/ubuntu/+source/curl/8.18.0-1ubuntu2.1 https://launchpad.net/ubuntu/+source/curl/8.14.1-2ubuntu1.3 https://launchpad.net/ubuntu/+source/curl/8.5.0-2ubuntu10.9 https://launchpad.net/ubuntu/+source/curl/7.81.0-1ubuntu1.24
[USN-8229-1] sed vulnerability
========================================================================== Ubuntu Security Notice USN-8229-1 May 04, 2026 sed vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: sed could be made to overwrite files. Software Description: - sed: GNU stream editor for filtering/transforming text Details: Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local attacker could possibly use this issue to overwrite arbitrary files. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS sed 4.9-2ubuntu1 Ubuntu 25.10 sed 4.9-2ubuntu0.25.10.1 Ubuntu 24.04 LTS sed 4.9-2ubuntu0.24.04.1 Ubuntu 22.04 LTS sed 4.8-1ubuntu2.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8229-1 CVE-2026-5958 Package Information: https://launchpad.net/ubuntu/+source/sed/4.9-2ubuntu1 https://launchpad.net/ubuntu/+source/sed/4.9-2ubuntu0.25.10.1 https://launchpad.net/ubuntu/+source/sed/4.9-2ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/sed/4.8-1ubuntu2.1
Sunday, May 3, 2026
Orphaned packages looking for new maintainers
Report started at 2026-05-03 22:00:54 UTC The following packages are orphaned and will be retired when they are orphaned for six weeks, unless someone adopts them. If you know for sure that the package should be retired, please do so now with a proper reason: https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life Note: If you received this mail directly you (co)maintain one of the affected packages or a package that depends on one. Please adopt the affected package or retire your depending package to avoid broken dependencies, otherwise your package will be retired when the affected package gets retired. Request package ownership via the *Take* button in the left column on https://src.fedoraproject.org/rpms/<pkgname> Full report available at: https://a.gtmx.me/orphans/orphans.txt grep it for your FAS username and follow the dependency chain. For human readable dependency chains, see https://packager-dashboard.fedoraproject.org/ For all orphaned packages, see https://packager-dashboard.fedoraproject.org/orphan Package (co)maintainers Status Change ================================================================================ bbox-firago-fonts orphan 5 weeks ago bign-handheld-thumbnailer orphan 5 weeks ago botan2 orphan, thm 2 weeks ago dex-autostart orphan 2 weeks ago dnf-plugin-ovl orphan 2 weeks ago dqlite orphan 3 weeks ago elementary-calculator @pantheon-sig, orphan 0 weeks ago elementary-calendar @pantheon-sig, mcrha, orphan 0 weeks ago elementary-camera @pantheon-sig, orphan 0 weeks ago elementary-code @pantheon-sig, orphan 0 weeks ago elementary-files @pantheon-sig, orphan 0 weeks ago elementary-mail @pantheon-sig, mcrha, orphan 0 weeks ago elementary-music @pantheon-sig, orphan 0 weeks ago elementary-notifications @pantheon-sig, orphan 0 weeks ago elementary-onboarding @pantheon-sig, orphan 0 weeks ago elementary-photos @pantheon-sig, orphan 0 weeks ago elementary-screenshot @pantheon-sig, orphan 0 weeks ago elementary-settings-daemon @pantheon-sig, orphan 0 weeks ago fparser orphan 2 weeks ago gala @pantheon-sig, orphan 0 weeks ago gcolor2 orphan 1 weeks ago glibd orphan 2 weeks ago golang-bitbucket-creachadair- @go-sig, orphan 5 weeks ago shell golang-cloud-google-pubsub @go-sig, orphan 5 weeks ago golang-cloud-google-spanner @go-sig, orphan 5 weeks ago golang-github-andreyvit-diff @go-sig, orphan 1 weeks ago golang-github-antihax-optional @go-sig, orphan 5 weeks ago golang-github-armon-socks5 @go-sig, orphan 5 weeks ago golang-github-burntsushi-toml @go-sig, dcavalca, dfateyev, 1 weeks ago orphan golang-github-circonus-labs- @go-sig, orphan 5 weeks ago apiclient golang-github-circonus-labs- @go-sig, orphan 5 weeks ago circonusllhist golang-github-elazarl-goproxy @go-sig, orphan 5 weeks ago golang-github-erkexzcx- @go-sig, orphan 3 weeks ago valetudopng golang-github-ghodss-yaml @go-sig, jchaloup, orphan 5 weeks ago golang-github-git-fixtures-4 @go-sig, orphan 5 weeks ago golang-github-git-gcfg @go-sig, orphan 5 weeks ago golang-github-gliderlabs-ssh @go-sig, jchaloup, orphan 5 weeks ago golang-github-google-renameio-2 @go-sig, orphan 2 weeks ago golang-github-googleapis- @go-sig, orphan 5 weeks ago enterprise-certificate-proxy golang-github-groupcache @go-sig, orphan 5 weeks ago golang-github-hebcal-greg @go-sig, orphan 2 weeks ago golang-github-jose4 @go-sig, orphan 1 weeks ago golang-github-joshuarubin- @go-sig, ngompa, orphan 1 weeks ago lifecycle golang-github-labstack-echo-4 @go-sig, orphan 5 weeks ago golang-github-mdlayher- @go-sig, orphan 2 weeks ago genetlink golang-github-patrickmn-cache @go-sig, orphan 5 weeks ago golang-github-peterbourgon- @go-sig, jchaloup, orphan 5 weeks ago diskv golang-github-pjbgf-sha1cd @go-sig, orphan 5 weeks ago golang-github-prashantv-gostub @go-sig, orphan 2 weeks ago golang-github-sergi-diff @go-sig, orphan 2 weeks ago golang-github-skeema-knownhosts @go-sig, orphan 5 weeks ago golang-github-syndtr-goleveldb @go-sig, jchaloup, orphan 5 weeks ago golang-github-task-slim-sprig @go-sig, orphan 3 weeks ago golang-github-task-slim-sprig3 @go-sig, orphan 2 weeks ago golang-github-xanzy-ssh-agent @go-sig, jchaloup, orphan 5 weeks ago golang-gopkg-alecthomas- @go-sig, orphan 2 weeks ago kingpin-2 golang-hein-version @go-sig, orphan 5 weeks ago granite-7 @pantheon-sig, orphan 0 weeks ago grilo @gnome-sig, orphan, victortoso 2 weeks ago grilo-plugins @gnome-sig, orphan, victortoso 2 weeks ago gtk-murrine-engine @epel-packagers-sig, orphan, 1 weeks ago robert http-parser duck, mrunge, orphan, 2 weeks ago sgallagh, vascom kwebkitpart @kde-sig, orphan, than 4 weeks ago log4cpp orphan 4 weeks ago mod_auth_openid orphan 2 weeks ago mopidy orphan 4 weeks ago mopidy-mpd orphan 4 weeks ago nodejs-backbone orphan 3 weeks ago octave-parallel orphan 0 weeks ago openssl-gost-engine abbra, dbelyavs, orphan 2 weeks ago pantheon-wayland @pantheon-sig, orphan 0 weeks ago pykka orphan 4 weeks ago python-cmake-build-extension orphan 2 weeks ago python-modernize orphan 1 weeks ago python-opytimizer orphan 2 weeks ago python-platformio music, orphan 0 weeks ago python-pytest-sugar orphan 3 weeks ago python-pyxs orphan 3 weeks ago rubygem-macaddr orphan 3 weeks ago rubygem-opennebula orphan 3 weeks ago rust-bisection @rust-sig, orphan 3 weeks ago rust-dutree @rust-sig, orphan 0 weeks ago rust-heatseeker @rust-sig, orphan 0 weeks ago rust-procs @rust-sig, orphan 0 weeks ago rust-tealdeer @rust-sig, orphan 0 weeks ago rust-varlink @rust-sig, orphan 0 weeks ago rust-varlink-cli @rust-sig, orphan 0 weeks ago rust-varlink_generator @rust-sig, orphan 0 weeks ago rust-varlink_parser @rust-sig, orphan 0 weeks ago rust-varlink_stdinterfaces @rust-sig, orphan 0 weeks ago vim-javabrowser orphan 4 weeks ago vim-taglist orphan 4 weeks ago wingpanel @pantheon-sig, orphan 0 weeks ago wingpanel-indicator-a11y @pantheon-sig, orphan 0 weeks ago wingpanel-indicator-bluetooth @pantheon-sig, orphan 0 weeks ago wingpanel-indicator-datetime @pantheon-sig, orphan 0 weeks ago wingpanel-indicator-keyboard @pantheon-sig, orphan 0 weeks ago wult orphan 1 weeks ago xdaliclock orphan 1 weeks ago The following packages require above mentioned packages: Depending on: botan2 (1), status change: 2026-04-17 (2 weeks ago) qownnotes (maintained by: atim) qownnotes-26.1.14-1.fc44.src requires pkgconfig(botan-2) = 2.19.5 qownnotes-26.1.14-1.fc44.x86_64 requires libbotan-2.so.19()(64bit) Depending on: dex-autostart (1), status change: 2026-04-16 (2 weeks ago) NsCDE (maintained by: dcavalca, salimma) NsCDE-2.2-11.fc44.x86_64 requires dex-autostart = 0.10.1-5.fc44 Depending on: elementary-notifications (6), status change: 2026-05-03 (0 weeks ago) gala (maintained by: @pantheon-sig, orphan) gala-8.4.1^20260325.git4b15f84-1.fc45.i686 requires elementary-notifications = 8.1.2-2.fc44 gala-8.4.1^20260325.git4b15f84-1.fc45.x86_64 requires elementary-notifications = 8.1.2-2.fc44 wingpanel (maintained by: @pantheon-sig, orphan) wingpanel-8.0.4^20260127.gitcd4852e-1.fc44.i686 requires libgala.so.0 wingpanel-8.0.4^20260127.gitcd4852e-1.fc44.src requires pkgconfig(gala) = 8.4.1 wingpanel-8.0.4^20260127.gitcd4852e-1.fc44.x86_64 requires libgala.so.0()(64bit) wingpanel-indicator-a11y (maintained by: @pantheon-sig, orphan) wingpanel-indicator-a11y-1.0.2-5.fc44.src requires pkgconfig(wingpanel) = 8.0.4 wingpanel-indicator-a11y-1.0.2-5.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44 wingpanel-indicator-bluetooth (maintained by: @pantheon-sig, orphan) wingpanel-indicator-bluetooth-8.0.0-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4 wingpanel-indicator-bluetooth-8.0.0-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44 wingpanel-indicator-datetime (maintained by: @pantheon-sig, orphan) wingpanel-indicator-datetime-2.4.2-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4 wingpanel-indicator-datetime-2.4.2-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44 wingpanel-indicator-keyboard (maintained by: @pantheon-sig, orphan) wingpanel-indicator-keyboard-2.4.2-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4 wingpanel-indicator-keyboard-2.4.2-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44 Depending on: gala (5), status change: 2026-05-03 (0 weeks ago) wingpanel (maintained by: @pantheon-sig, orphan) wingpanel-8.0.4^20260127.gitcd4852e-1.fc44.i686 requires libgala.so.0 wingpanel-8.0.4^20260127.gitcd4852e-1.fc44.src requires pkgconfig(gala) = 8.4.1 wingpanel-8.0.4^20260127.gitcd4852e-1.fc44.x86_64 requires libgala.so.0()(64bit) wingpanel-indicator-a11y (maintained by: @pantheon-sig, orphan) wingpanel-indicator-a11y-1.0.2-5.fc44.src requires pkgconfig(wingpanel) = 8.0.4 wingpanel-indicator-a11y-1.0.2-5.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44 wingpanel-indicator-bluetooth (maintained by: @pantheon-sig, orphan) wingpanel-indicator-bluetooth-8.0.0-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4 wingpanel-indicator-bluetooth-8.0.0-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44 wingpanel-indicator-datetime (maintained by: @pantheon-sig, orphan) wingpanel-indicator-datetime-2.4.2-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4 wingpanel-indicator-datetime-2.4.2-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44 wingpanel-indicator-keyboard (maintained by: @pantheon-sig, orphan) wingpanel-indicator-keyboard-2.4.2-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4 wingpanel-indicator-keyboard-2.4.2-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44 Depending on: golang-github-andreyvit-diff (1), status change: 2026-04-21 (1 weeks ago) golang-github-facebookincubator-nvdtools (maintained by: @go-sig, dcavalca) golang-github-facebookincubator-nvdtools-0.1.4-21.fc44.src requires golang(github.com/andreyvit/diff) = 0-19.20190625gitc7f18ee.fc44 Depending on: golang-github-burntsushi-toml (13), status change: 2026-04-20 (1 weeks ago) elvish (maintained by: @go-sig, topazus) elvish-0.21.0-12.fc44.src requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44 golang-github-facebookincubator-nvdtools (maintained by: @go-sig, dcavalca) golang-github-facebookincubator-nvdtools-0.1.4-21.fc44.src requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44 golang-github-facebookincubator-nvdtools-devel-0.1.4-21.fc44.noarch requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44 golang-github-mmarkdown-mmark (maintained by: @go-sig, eclipseo) golang-github-mmarkdown-mmark-2.2.10-20.fc44.src requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44 golang-github-mmarkdown-mmark-devel-2.2.10-20.fc44.noarch requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44 golang-github-nicksnyder-i18n-2 (maintained by: @go-sig, qulogic) golang-github-nicksnyder-i18n-2-2.1.2-20.fc45.src requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44 golang-github-nicksnyder-i18n-2-devel-2.1.2-20.fc45.noarch requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44 golang-github-schollz-cli-2 (maintained by: @go-sig, dcavalca) golang-github-schollz-cli-2-2.2.1-13.fc44.src requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44 golang-github-schollz-cli-2-devel-2.2.1-13.fc44.noarch requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44 golang-github-urfave-cli (maintained by: @go-sig, alexsaezm) golang-github-urfave-cli-1.22.10-10.fc44.src requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44 golang-github-urfave-cli-devel-1.22.10-10.fc44.noarch requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44 golang-github-urfave-cli-2 (maintained by: @go-sig, mikelo2, nathans) golang-github-urfave-cli-2-2.27.1-4.fc43.src requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44 golang-github-urfave-cli-2-devel-2.27.1-4.fc43.noarch requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44 golang-gopkg-natefinch-lumberjack-2 (maintained by: @go-sig, alexsaezm, jchaloup) golang-gopkg-natefinch-lumberjack-2-1:2.0.0-19.fc44.src requires golang(github.com/BurntSushi/toml) = 1.5.0-6.fc44 golang-github-opencontainers-runtime-tools (maintained by: @go-sig, eclipseo) golang-github-opencontainers-runtime-tools-0.9.0-25.20221129git2802ff9.fc44.src requires golang(github.com/urfave/cli) = 1.22.10-10.fc44 golang-github-opencontainers-runtime-tools-devel-0.9.0-25.20221129git2802ff9.fc44.noarch requires golang(github.com/urfave/cli) = 1.22.10-10.fc44 golang-github-shopify-toxiproxy (maintained by: @go-sig, eclipseo) golang-github-shopify-toxiproxy-2.1.4-23.fc44.src requires golang(github.com/urfave/cli) = 1.22.10-10.fc44 golang-github-shopify-toxiproxy-devel-2.1.4-23.fc44.noarch requires golang(github.com/urfave/cli) = 1.22.10-10.fc44 golang-github-vbatts-tar-split (maintained by: @go-sig, jchaloup, runcom) golang-github-vbatts-tar-split-0.11.2-12.fc44.src requires golang(github.com/urfave/cli) = 1.22.10-10.fc44 golang-github-vbatts-tar-split-devel-0.11.2-12.fc44.noarch requires golang(github.com/urfave/cli) = 1.22.10-10.fc44 gotun (maintained by: @go-sig, kushal) gotun-0-0.24.gita9dbe4d.fc42.src requires golang(github.com/urfave/cli) = 1.22.10-10.fc44 golang-mau-zeroconfig (maintained by: @go-sig, v02460) golang-mau-zeroconfig-0.1.2-4.fc43.src requires golang(gopkg.in/natefinch/lumberjack.v2) = 2.0.0-19.fc44 golang-mau-zeroconfig-devel-0.1.2-4.fc43.noarch requires golang(gopkg.in/natefinch/lumberjack.v2) = 2.0.0-19.fc44 Depending on: golang-github-sergi-diff (2), status change: 2026-04-14 (2 weeks ago) golang-github-andreyvit-diff (maintained by: @go-sig, orphan) golang-github-andreyvit-diff-0-19.20190625gitc7f18ee.fc44.src requires golang(github.com/sergi/go-diff/diffmatchpatch) = 1.3.1-9.fc44 golang-github-andreyvit-diff-devel-0-19.20190625gitc7f18ee.fc44.noarch requires golang(github.com/sergi/go-diff/diffmatchpatch) = 1.3.1-9.fc44 golang-github-facebookincubator-nvdtools (maintained by: @go-sig, dcavalca) golang-github-facebookincubator-nvdtools-0.1.4-21.fc44.src requires golang(github.com/andreyvit/diff) = 0-19.20190625gitc7f18ee.fc44 Depending on: golang-gopkg-alecthomas-kingpin-2 (2), status change: 2026-04-14 (2 weeks ago) golang-github-jose-3 (maintained by: @go-sig, eclipseo) golang-github-jose-3-3.0.0-9.fc44.src requires golang(gopkg.in/alecthomas/kingpin.v2) = 2.3.2-9.fc44 golang-github-jose-3-devel-3.0.0-9.fc44.noarch requires golang(gopkg.in/alecthomas/kingpin.v2) = 2.3.2-9.fc44 golang-github-jsonnet-bundler (maintained by: @go-sig, olem) golang-github-jsonnet-bundler-0.4.0-23.fc44.src requires golang(gopkg.in/alecthomas/kingpin.v2) = 2.3.2-9.fc44 golang-github-jsonnet-bundler-devel-0.4.0-23.fc44.noarch requires golang(gopkg.in/alecthomas/kingpin.v2) = 2.3.2-9.fc44 Depending on: granite-7 (14), status change: 2026-05-03 (0 weeks ago) SwayNotificationCenter (maintained by: @sway-sig, topazus) SwayNotificationCenter-0.12.5-1.fc45.src requires pkgconfig(granite-7) = 7.8.1 elementary-calculator (maintained by: @pantheon-sig, orphan) elementary-calculator-8.0.1-2.fc44.src requires pkgconfig(granite-7) = 7.8.1 elementary-calculator-8.0.1-2.fc44.x86_64 requires libgranite-7.so.7()(64bit) elementary-camera (maintained by: @pantheon-sig, orphan) elementary-camera-8.0.2-2.fc44.src requires pkgconfig(granite-7) = 7.8.1 elementary-camera-8.0.2-2.fc44.x86_64 requires libgranite-7.so.7()(64bit) elementary-music (maintained by: @pantheon-sig, orphan) elementary-music-8.1.0-2.fc44.src requires pkgconfig(granite-7) = 7.8.1 elementary-music-8.1.0-2.fc44.x86_64 requires libgranite-7.so.7()(64bit) elementary-notifications (maintained by: @pantheon-sig, orphan) elementary-notifications-8.1.2-2.fc44.src requires pkgconfig(granite-7) = 7.8.1 elementary-notifications-8.1.2-2.fc44.x86_64 requires libgranite-7.so.7()(64bit) elementary-notifications-demo-8.1.2-2.fc44.x86_64 requires libgranite-7.so.7()(64bit) elementary-screenshot (maintained by: @pantheon-sig, orphan) elementary-screenshot-8.0.1-3.fc44.src requires pkgconfig(granite-7) = 7.8.1 elementary-screenshot-8.0.1-3.fc44.x86_64 requires libgranite-7.so.7()(64bit) gala (maintained by: @pantheon-sig, orphan) gala-8.4.1^20260325.git4b15f84-1.fc45.i686 requires elementary-notifications = 8.1.2-2.fc44, libgranite-7.so.7 gala-8.4.1^20260325.git4b15f84-1.fc45.src requires pkgconfig(granite-7) = 7.8.1 gala-8.4.1^20260325.git4b15f84-1.fc45.x86_64 requires elementary-notifications = 8.1.2-2.fc44, libgranite-7.so.7()(64bit) minder (maintained by: atim) minder-2.0.9-1.fc45.src requires pkgconfig(granite-7) = 7.8.1 minder-2.0.9-1.fc45.x86_64 requires libgranite-7.so.7()(64bit) warble (maintained by: aekoroglu) warble-2.0.1-2.fc44.src requires pkgconfig(granite-7) = 7.8.1 warble-2.0.1-2.fc44.x86_64 requires libgranite-7.so.7()(64bit) wingpanel (maintained by: @pantheon-sig, orphan) wingpanel-8.0.4^20260127.gitcd4852e-1.fc44.i686 requires libgala.so.0 wingpanel-8.0.4^20260127.gitcd4852e-1.fc44.src requires pkgconfig(gala) = 8.4.1 wingpanel-8.0.4^20260127.gitcd4852e-1.fc44.x86_64 requires libgala.so.0()(64bit) wingpanel-indicator-a11y (maintained by: @pantheon-sig, orphan) wingpanel-indicator-a11y-1.0.2-5.fc44.src requires pkgconfig(wingpanel) = 8.0.4 wingpanel-indicator-a11y-1.0.2-5.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44 wingpanel-indicator-bluetooth (maintained by: @pantheon-sig, orphan) wingpanel-indicator-bluetooth-8.0.0-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4 wingpanel-indicator-bluetooth-8.0.0-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44 wingpanel-indicator-datetime (maintained by: @pantheon-sig, orphan) wingpanel-indicator-datetime-2.4.2-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4 wingpanel-indicator-datetime-2.4.2-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44 wingpanel-indicator-keyboard (maintained by: @pantheon-sig, orphan) wingpanel-indicator-keyboard-2.4.2-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4 wingpanel-indicator-keyboard-2.4.2-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44 Depending on: grilo (8), status change: 2026-04-14 (2 weeks ago) budgie-control-center (maintained by: joshstrobl) budgie-control-center-2.1.1-1.fc45.src requires pkgconfig(grilo-0.3) = 0.3.19 gnome-music (maintained by: @gnome-sig, kalev, mclasen) gnome-music-49.1-2.fc45.noarch requires grilo = 0.3.19-3.fc45, grilo-plugins = 0.3.18-11.fc45 gnome-music-49.1-2.fc45.src requires pkgconfig(grilo-0.3) = 0.3.19, pkgconfig(grilo-plugins-0.3) = 0.3.18 grilo-plugins (maintained by: @gnome-sig, orphan, victortoso) grilo-plugins-0.3.18-11.fc45.i686 requires grilo(x86-32) = 0.3.19-3.fc45, libgrilo-0.3.so.0, libgrlnet-0.3.so.0, libgrlpls-0.3.so.0 grilo-plugins-0.3.18-11.fc45.src requires grilo-devel = 0.3.19-3.fc45 grilo-plugins-0.3.18-11.fc45.x86_64 requires grilo(x86-64) = 0.3.19-3.fc45, libgrilo-0.3.so.0()(64bit), libgrlnet-0.3.so.0()(64bit), libgrlpls-0.3.so.0()(64bit) pragha (maintained by: nonamedotc) pragha-1.3.3-34.fc44.src requires pkgconfig(grilo-0.3) = 0.3.19 pragha-1.3.3-34.fc44.x86_64 requires libgrilo-0.3.so.0()(64bit) rhythmbox (maintained by: @gnome-sig, alexl, amigadave, dwmw2, rhughes, rstrode, snirkel) rhythmbox-3.4.9-2.fc45.i686 requires libgrilo-0.3.so.0 rhythmbox-3.4.9-2.fc45.src requires pkgconfig(grilo-0.3) = 0.3.19 rhythmbox-3.4.9-2.fc45.x86_64 requires libgrilo-0.3.so.0()(64bit) totem (maintained by: @gnome-sig, alexl, kalev, mclasen, rhughes, rstrode, teuf) totem-1:43.2-8.fc45.i686 requires grilo-plugins(x86-32) = 0.3.18-11.fc45, libgrilo-0.3.so.0, libgrlpls-0.3.so.0 totem-1:43.2-8.fc45.src requires pkgconfig(grilo-0.3) = 0.3.19, pkgconfig(grilo-pls-0.3) = 0.3.19 totem-1:43.2-8.fc45.x86_64 requires grilo-plugins(x86-64) = 0.3.18-11.fc45, libgrilo-0.3.so.0()(64bit), libgrlpls-0.3.so.0()(64bit) rhythmbox-alternative-toolbar (maintained by: mochaa) rhythmbox-alternative-toolbar-0.20.4-9.fc44.src requires rhythmbox-devel = 3.4.9-2.fc45 rhythmbox-alternative-toolbar-0.20.4-9.fc44.x86_64 requires rhythmbox = 3.4.9-2.fc45 rhythmbox-ampache (maintained by: jorti) rhythmbox-ampache-0-45.20200822gited4b082.fc44.x86_64 requires rhythmbox(x86-64) = 3.4.9-2.fc45 Depending on: grilo-plugins (2), status change: 2026-04-14 (2 weeks ago) gnome-music (maintained by: @gnome-sig, kalev, mclasen) gnome-music-49.1-2.fc45.noarch requires grilo-plugins = 0.3.18-11.fc45 gnome-music-49.1-2.fc45.src requires pkgconfig(grilo-plugins-0.3) = 0.3.18 totem (maintained by: @gnome-sig, alexl, kalev, mclasen, rhughes, rstrode, teuf) totem-1:43.2-8.fc45.i686 requires grilo-plugins(x86-32) = 0.3.18-11.fc45 totem-1:43.2-8.fc45.x86_64 requires grilo-plugins(x86-64) = 0.3.18-11.fc45 Depending on: gtk-murrine-engine (11), status change: 2026-04-23 (1 weeks ago) arc-theme (maintained by: nonamedotc, tsmetana) arc-theme-20221218-13.fc44.noarch requires gtk-murrine-engine = 0.98.2-43.fc44 arc-theme-20221218-13.fc44.src requires gtk-murrine-engine = 0.98.2-43.fc44 bluebird (maintained by: kevin, maxamillion) bluebird-gtk2-theme-1.3-19.fc44.noarch requires gtk-murrine-engine = 0.98.2-43.fc44 cros-guest-tools (maintained by: buckaroogeek, dcavalca, kwizart, ngompa) cros-adapta-143-3.fc44.noarch requires gtk-murrine-engine = 0.98.2-43.fc44 greybird (maintained by: kevin, lbazan, nonamedotc) greybird-dark-theme-3.23.4-4.fc44.noarch requires gtk-murrine-engine = 0.98.2-43.fc44 greybird-light-theme-3.23.4-4.fc44.noarch requires gtk-murrine-engine = 0.98.2-43.fc44 pocillo-gtk-theme (maintained by: @budgie-sig, joshstrobl) pocillo-gtk2-theme-0.11-3.fc44.noarch requires gtk-murrine-engine = 0.98.2-43.fc44 pop-gtk-theme (maintained by: carlwgeorge) pop-gtk2-theme-5.5.1-8.fc44.noarch requires gtk-murrine-engine = 0.98.2-43.fc44 budgie-desktop-defaults (maintained by: joshstrobl) budgie-desktop-defaults-0.5.4-3.fc44.noarch requires pocillo-gtk-theme = 0.11-3.fc44 cosmic-settings-daemon (maintained by: @cosmic-sig, @rust-sig, ryanabx) cosmic-settings-daemon-1.0.11-1.fc45.x86_64 requires pop-sound-theme = 5.5.1-8.fc44 cosmic-session (maintained by: @cosmic-sig, @rust-sig, ryanabx) cosmic-session-1.0.11-1.fc45.x86_64 requires cosmic-settings = 1.0.11-1.fc45, cosmic-settings-daemon = 1.0.11-1.fc45, system-cosmic-config cosmic-settings (maintained by: @cosmic-sig, @rust-sig, ryanabx) cosmic-settings-1.0.11-1.fc45.x86_64 requires cosmic-settings-daemon = 1.0.11-1.fc45 cosmic-config-fedora (maintained by: ngompa) cosmic-config-fedora-0~git.20241103.1.d35e087-5.fc44.noarch requires cosmic-settings = 1.0.11-1.fc45 Depending on: http-parser (7), status change: 2026-04-17 (2 weeks ago) jabberd (maintained by: dmaphy) jabberd-2.6.1-34.fc44.src requires http-parser-devel = 2.9.4-16.fc44 jabberd-2.6.1-34.fc44.x86_64 requires libhttp_parser.so.2()(64bit) julia (maintained by: nalimilan) julia-1.12.1-1.fc44.src requires http-parser-devel = 2.9.4-16.fc44 slurm (maintained by: @epel-packagers-sig, neil, salimma) slurm-25.11.4-8.fc45.src requires http-parser-devel = 2.9.4-16.fc44 slurm-25.11.4-8.fc45.x86_64 requires libhttp_parser.so.2()(64bit) cantor (maintained by: @kde-sig, @r-maint-sig, than) cantor-26.04.0-2.fc45.src requires julia-devel = 1.12.1-1.fc44 cantor-julia-26.04.0-2.fc45.x86_64 requires libjulia.so.1.12()(64bit), libjulia.so.1.12(JL_LIBJULIA_1.12)(64bit) vim-syntastic (maintained by: mhjacks) vim-syntastic-julia-3.10.0-30.fc45.noarch requires julia = 1.12.1-1.fc44 python-snakemake-executor-plugin-slurm (maintained by: @neuro-sig, music) python-snakemake-executor-plugin-slurm-2.6.1-1.fc45.src requires slurm = 25.11.4-8.fc45 python3-snakemake-executor-plugin-slurm-2.6.1-1.fc45.noarch requires slurm = 25.11.4-8.fc45 LabPlot (maintained by: @kde-sig, @scitech_sig, cicku, topazus) LabPlot-2.12.1-20.fc45.src requires cantor-devel = 26.04.0-2.fc45 LabPlot-2.12.1-20.fc45.x86_64 requires libcantorlibs.so.28()(64bit) Depending on: log4cpp (4), status change: 2026-03-30 (4 weeks ago) elements (maintained by: aalvarez) elements-6.3.4-6.fc44.i686 requires liblog4cpp.so.5 elements-6.3.4-6.fc44.src requires log4cpp-devel = 1.1.3-21.fc44 elements-6.3.4-6.fc44.x86_64 requires liblog4cpp.so.5()(64bit) elements-alexandria (maintained by: aalvarez) elements-alexandria-2.32.0-6.fc44.i686 requires libElementsKernel.so.6.3.4, liblog4cpp.so.5 elements-alexandria-2.32.0-6.fc44.src requires elements-devel = 6.3.4-6.fc44, elements-doc = 6.3.4-6.fc44, log4cpp-devel = 1.1.3-21.fc44 elements-alexandria-2.32.0-6.fc44.x86_64 requires libElementsKernel.so.6.3.4()(64bit), liblog4cpp.so.5()(64bit) elements-alexandria-devel-2.32.0-6.fc44.i686 requires elements-devel(x86-32) = 6.3.4-6.fc44 elements-alexandria-devel-2.32.0-6.fc44.x86_64 requires elements-devel(x86-64) = 6.3.4-6.fc44 elements-alexandria-doc-2.32.0-6.fc44.noarch requires elements-doc = 6.3.4-6.fc44 engauge-digitizer (maintained by: sagitter) engauge-digitizer-1:12.9.1-4.fc44.src requires log4cpp-devel = 1.1.3-21.fc44 engauge-digitizer-1:12.9.1-4.fc44.x86_64 requires liblog4cpp.so.5()(64bit) fastnetmon (maintained by: music, odintsov) fastnetmon-1.2.1-33.20220528git420e7b8.fc45.src requires log4cpp-devel = 1.1.3-21.fc44 fastnetmon-1.2.1-33.20220528git420e7b8.fc45.x86_64 requires liblog4cpp.so.5()(64bit) Depending on: mopidy (1), status change: 2026-04-03 (4 weeks ago) mopidy-mpd (maintained by: orphan) mopidy-mpd-4.0.0~a4-1.fc45.noarch requires mopidy = 4.0.0~a15-1.fc45, python3.14dist(mopidy) = 4~a15 mopidy-mpd-4.0.0~a4-1.fc45.src requires mopidy = 4.0.0~a15-1.fc45, python3dist(mopidy) = 4~a15 Depending on: pykka (2), status change: 2026-04-03 (4 weeks ago) mopidy (maintained by: orphan) mopidy-4.0.0~a15-1.fc45.noarch requires python3-Pykka = 4.2.0-6.fc44, python3.14dist(pykka) = 4.2 mopidy-4.0.0~a15-1.fc45.src requires python3-Pykka = 4.2.0-6.fc44, python3dist(pykka) = 4.2 mopidy-mpd (maintained by: orphan) mopidy-mpd-4.0.0~a4-1.fc45.noarch requires mopidy = 4.0.0~a15-1.fc45, python3.14dist(mopidy) = 4~a15, python3.14dist(pykka) = 4.2 mopidy-mpd-4.0.0~a4-1.fc45.src requires mopidy = 4.0.0~a15-1.fc45, python3dist(mopidy) = 4~a15, python3dist(pykka) = 4.2 Depending on: python-pytest-sugar (1), status change: 2026-04-09 (3 weeks ago) home-assistant-cli (maintained by: thebeanogamer) home-assistant-cli-1.0.0-1.fc45.src requires python3dist(pytest-sugar) = 1.1.1 Depending on: rubygem-macaddr (1), status change: 2026-04-07 (3 weeks ago) rubygem-uuid (maintained by: valtri) rubygem-uuid-2.3.7-25.fc44.noarch requires rubygem(macaddr) = 1.7.2 rubygem-uuid-2.3.7-25.fc44.src requires rubygem(macaddr) = 1.7.2 Depending on: rust-varlink (2), status change: 2026-04-29 (0 weeks ago) rust-varlink-cli (maintained by: @rust-sig, orphan) rust-varlink-cli-4.5.3-11.fc44.src requires crate(varlink/default) = 11.0.1, crate(varlink_stdinterfaces/default) = 11.0.2 rust-varlink_stdinterfaces (maintained by: @rust-sig, orphan) rust-varlink_stdinterfaces-11.0.2-13.fc44.src requires crate(varlink/default) = 11.0.1 rust-varlink_stdinterfaces-devel-11.0.2-13.fc44.noarch requires crate(varlink/default) = 11.0.1 Depending on: rust-varlink_generator (2), status change: 2026-04-29 (0 weeks ago) rust-varlink_stdinterfaces (maintained by: @rust-sig, orphan) rust-varlink_stdinterfaces-11.0.2-13.fc44.src requires crate(varlink_generator/default) = 10.1.0 rust-varlink_stdinterfaces-devel-11.0.2-13.fc44.noarch requires crate(varlink_generator/default) = 10.1.0 rust-varlink-cli (maintained by: @rust-sig, orphan) rust-varlink-cli-4.5.3-11.fc44.src requires crate(varlink_stdinterfaces/default) = 11.0.2 Depending on: rust-varlink_parser (3), status change: 2026-04-29 (0 weeks ago) rust-varlink-cli (maintained by: @rust-sig, orphan) rust-varlink-cli-4.5.3-11.fc44.src requires crate(varlink_parser/default) = 4.2.0, crate(varlink_stdinterfaces/default) = 11.0.2 rust-varlink_generator (maintained by: @rust-sig, orphan) rust-varlink_generator-10.1.0-10.fc44.src requires crate(varlink_parser/default) = 4.2.0 rust-varlink_generator-devel-10.1.0-10.fc44.noarch requires crate(varlink_parser/default) = 4.2.0 rust-varlink_stdinterfaces (maintained by: @rust-sig, orphan) rust-varlink_stdinterfaces-11.0.2-13.fc44.src requires crate(varlink_generator/default) = 10.1.0 rust-varlink_stdinterfaces-devel-11.0.2-13.fc44.noarch requires crate(varlink_generator/default) = 10.1.0 Depending on: rust-varlink_stdinterfaces (1), status change: 2026-04-29 (0 weeks ago) rust-varlink-cli (maintained by: @rust-sig, orphan) rust-varlink-cli-4.5.3-11.fc44.src requires crate(varlink_stdinterfaces/default) = 11.0.2 Depending on: wingpanel (4), status change: 2026-05-03 (0 weeks ago) wingpanel-indicator-a11y (maintained by: @pantheon-sig, orphan) wingpanel-indicator-a11y-1.0.2-5.fc44.src requires pkgconfig(wingpanel) = 8.0.4 wingpanel-indicator-a11y-1.0.2-5.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44 wingpanel-indicator-bluetooth (maintained by: @pantheon-sig, orphan) wingpanel-indicator-bluetooth-8.0.0-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4 wingpanel-indicator-bluetooth-8.0.0-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44 wingpanel-indicator-datetime (maintained by: @pantheon-sig, orphan) wingpanel-indicator-datetime-2.4.2-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4 wingpanel-indicator-datetime-2.4.2-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44 wingpanel-indicator-keyboard (maintained by: @pantheon-sig, orphan) wingpanel-indicator-keyboard-2.4.2-4.fc44.src requires pkgconfig(wingpanel) = 8.0.4 wingpanel-indicator-keyboard-2.4.2-4.fc44.x86_64 requires libwingpanel.so.8()(64bit), wingpanel(x86-64) = 8.0.4^20260127.gitcd4852e-1.fc44 Affected (co)maintainers @budgie-sig: gtk-murrine-engine @cosmic-sig: gtk-murrine-engine @epel-packagers-sig: gtk-murrine-engine, http-parser @gnome-sig: grilo-plugins, grilo @go-sig: golang-github-circonus-labs-apiclient, golang-bitbucket-creachadair-shell, golang-github-labstack-echo-4, golang-github-xanzy-ssh-agent, golang-github-syndtr-goleveldb, golang-gopkg-alecthomas-kingpin-2, golang-cloud-google-pubsub, golang-github-gliderlabs-ssh, golang-github-task-slim-sprig, golang-hein-version, golang-github-prashantv-gostub, golang-github-circonus-labs-circonusllhist, golang-github-jose4, golang-github-erkexzcx-valetudopng, golang-github-mdlayher-genetlink, golang-github-googleapis-enterprise-certificate-proxy, golang-github-burntsushi-toml, golang-github-task-slim-sprig3, golang-github-git-gcfg, golang-github-andreyvit-diff, golang-github-patrickmn-cache, golang-github-sergi-diff, golang-github-groupcache, golang-github-peterbourgon-diskv, golang-github-armon-socks5, golang-github-hebcal-greg, golang-github-git-fixtures-4, golang-github-elazarl-goproxy, golang-github-skeema-knownhosts, golang-github-antihax-optional, golang-github-google-renameio-2, golang-github-ghodss-yaml, golang-github-joshuarubin-lifecycle, golang-github-pjbgf-sha1cd, golang-cloud-google-spanner @kde-sig: kwebkitpart, http-parser @neuro-sig: http-parser @pantheon-sig: pantheon-wayland, elementary-calculator, elementary-onboarding, wingpanel-indicator-bluetooth, wingpanel-indicator-datetime, elementary-notifications, granite-7, elementary-photos, elementary-settings-daemon, elementary-mail, wingpanel-indicator-a11y, elementary-camera, elementary-code, elementary-calendar, wingpanel, elementary-files, gala, wingpanel-indicator-keyboard, elementary-music, elementary-screenshot @r-maint-sig: http-parser @rust-sig: rust-procs, rust-varlink_generator, rust-tealdeer, rust-varlink_stdinterfaces, rust-varlink, rust-varlink_parser, rust-heatseeker, rust-varlink-cli, rust-bisection, gtk-murrine-engine, rust-dutree @scitech_sig: http-parser @sway-sig: granite-7 aalvarez: log4cpp abbra: openssl-gost-engine aekoroglu: granite-7 alexl: grilo-plugins, grilo alexsaezm: golang-github-burntsushi-toml amigadave: grilo atim: botan2, granite-7 buckaroogeek: gtk-murrine-engine carlwgeorge: gtk-murrine-engine cicku: http-parser dbelyavs: openssl-gost-engine dcavalca: golang-github-andreyvit-diff, dex-autostart, golang-github-sergi-diff, gtk-murrine-engine, golang-github-burntsushi-toml dfateyev: golang-github-burntsushi-toml dmaphy: http-parser duck: http-parser dwmw2: grilo eclipseo: golang-gopkg-alecthomas-kingpin-2, golang-github-burntsushi-toml jchaloup: golang-github-xanzy-ssh-agent, golang-github-ghodss-yaml, golang-github-peterbourgon-diskv, golang-github-syndtr-goleveldb, golang-github-burntsushi-toml, golang-github-gliderlabs-ssh jorti: grilo joshstrobl: gtk-murrine-engine, grilo kalev: grilo-plugins, grilo kevin: gtk-murrine-engine kushal: golang-github-burntsushi-toml kwizart: gtk-murrine-engine lbazan: gtk-murrine-engine maxamillion: gtk-murrine-engine mclasen: grilo-plugins, grilo mcrha: elementary-mail, elementary-calendar mhjacks: http-parser mikelo2: golang-github-burntsushi-toml mochaa: grilo mrunge: http-parser music: log4cpp, python-platformio, http-parser nalimilan: http-parser nathans: golang-github-burntsushi-toml neil: http-parser ngompa: gtk-murrine-engine, golang-github-joshuarubin-lifecycle nonamedotc: gtk-murrine-engine, grilo odintsov: log4cpp olem: golang-gopkg-alecthomas-kingpin-2 qulogic: golang-github-burntsushi-toml rhughes: grilo-plugins, grilo robert: gtk-murrine-engine rstrode: grilo-plugins, grilo runcom: golang-github-burntsushi-toml ryanabx: gtk-murrine-engine sagitter: log4cpp salimma: dex-autostart, http-parser sgallagh: http-parser snirkel: grilo teuf: grilo-plugins, grilo than: kwebkitpart, http-parser thebeanogamer: python-pytest-sugar thm: botan2 topazus: granite-7, golang-github-burntsushi-toml, http-parser tsmetana: gtk-murrine-engine v02460: golang-github-burntsushi-toml valtri: rubygem-macaddr vascom: http-parser victortoso: grilo-plugins, grilo Orphans (99): bbox-firago-fonts bign-handheld-thumbnailer botan2 dex-autostart dnf-plugin-ovl dqlite elementary-calculator elementary-calendar elementary-camera elementary-code elementary-files elementary-mail elementary-music elementary-notifications elementary-onboarding elementary-photos elementary-screenshot elementary-settings-daemon fparser gala gcolor2 glibd golang-bitbucket-creachadair-shell golang-cloud-google-pubsub golang-cloud-google-spanner golang-github-andreyvit-diff golang-github-antihax-optional golang-github-armon-socks5 golang-github-burntsushi-toml golang-github-circonus-labs-apiclient golang-github-circonus-labs-circonusllhist golang-github-elazarl-goproxy golang-github-erkexzcx-valetudopng golang-github-ghodss-yaml golang-github-git-fixtures-4 golang-github-git-gcfg golang-github-gliderlabs-ssh golang-github-google-renameio-2 golang-github-googleapis-enterprise-certificate-proxy golang-github-groupcache golang-github-hebcal-greg golang-github-jose4 golang-github-joshuarubin-lifecycle golang-github-labstack-echo-4 golang-github-mdlayher-genetlink golang-github-patrickmn-cache golang-github-peterbourgon-diskv golang-github-pjbgf-sha1cd golang-github-prashantv-gostub golang-github-sergi-diff golang-github-skeema-knownhosts golang-github-syndtr-goleveldb golang-github-task-slim-sprig golang-github-task-slim-sprig3 golang-github-xanzy-ssh-agent golang-gopkg-alecthomas-kingpin-2 golang-hein-version granite-7 grilo grilo-plugins gtk-murrine-engine http-parser kwebkitpart log4cpp mod_auth_openid mopidy mopidy-mpd nodejs-backbone octave-parallel openssl-gost-engine pantheon-wayland pykka python-cmake-build-extension python-modernize python-opytimizer python-platformio python-pytest-sugar python-pyxs rubygem-macaddr rubygem-opennebula rust-bisection rust-dutree rust-heatseeker rust-procs rust-tealdeer rust-varlink rust-varlink-cli rust-varlink_generator rust-varlink_parser rust-varlink_stdinterfaces vim-javabrowser vim-taglist wingpanel wingpanel-indicator-a11y wingpanel-indicator-bluetooth wingpanel-indicator-datetime wingpanel-indicator-keyboard wult xdaliclock Orphans (dependend on) (23): botan2 dex-autostart elementary-notifications gala golang-github-andreyvit-diff golang-github-burntsushi-toml golang-github-sergi-diff golang-gopkg-alecthomas-kingpin-2 granite-7 grilo grilo-plugins gtk-murrine-engine http-parser log4cpp mopidy pykka python-pytest-sugar rubygem-macaddr rust-varlink rust-varlink_generator rust-varlink_parser rust-varlink_stdinterfaces wingpanel Orphans (rawhide) for at least 6 weeks (dependend on) (0): Orphans (rawhide) (not depended on) (76): bbox-firago-fonts bign-handheld-thumbnailer dnf-plugin-ovl dqlite elementary-calculator elementary-calendar elementary-camera elementary-code elementary-files elementary-mail elementary-music elementary-onboarding elementary-photos elementary-screenshot elementary-settings-daemon fparser gcolor2 glibd golang-bitbucket-creachadair-shell golang-cloud-google-pubsub golang-cloud-google-spanner golang-github-antihax-optional golang-github-armon-socks5 golang-github-circonus-labs-apiclient golang-github-circonus-labs-circonusllhist golang-github-elazarl-goproxy golang-github-erkexzcx-valetudopng golang-github-ghodss-yaml golang-github-git-fixtures-4 golang-github-git-gcfg golang-github-gliderlabs-ssh golang-github-google-renameio-2 golang-github-googleapis-enterprise-certificate-proxy golang-github-groupcache golang-github-hebcal-greg golang-github-jose4 golang-github-joshuarubin-lifecycle golang-github-labstack-echo-4 golang-github-mdlayher-genetlink golang-github-patrickmn-cache golang-github-peterbourgon-diskv golang-github-pjbgf-sha1cd golang-github-prashantv-gostub golang-github-skeema-knownhosts golang-github-syndtr-goleveldb golang-github-task-slim-sprig golang-github-task-slim-sprig3 golang-github-xanzy-ssh-agent golang-hein-version kwebkitpart mod_auth_openid mopidy-mpd nodejs-backbone octave-parallel openssl-gost-engine pantheon-wayland python-cmake-build-extension python-modernize python-opytimizer python-platformio python-pyxs rubygem-opennebula rust-bisection rust-dutree rust-heatseeker rust-procs rust-tealdeer rust-varlink-cli vim-javabrowser vim-taglist wingpanel-indicator-a11y wingpanel-indicator-bluetooth wingpanel-indicator-datetime wingpanel-indicator-keyboard wult xdaliclock Orphans (rawhide) for at least 6 weeks (not dependend on) (0): Depending packages (rawhide) (69): LabPlot NsCDE SwayNotificationCenter arc-theme bluebird budgie-control-center budgie-desktop-defaults cantor cosmic-config-fedora cosmic-session cosmic-settings cosmic-settings-daemon cros-guest-tools elementary-calculator elementary-camera elementary-music elementary-notifications elementary-screenshot elements elements-alexandria elvish engauge-digitizer fastnetmon gala gnome-music golang-github-andreyvit-diff golang-github-facebookincubator-nvdtools golang-github-jose-3 golang-github-jsonnet-bundler golang-github-mmarkdown-mmark golang-github-nicksnyder-i18n-2 golang-github-opencontainers-runtime-tools golang-github-schollz-cli-2 golang-github-shopify-toxiproxy golang-github-urfave-cli golang-github-urfave-cli-2 golang-github-vbatts-tar-split golang-gopkg-natefinch-lumberjack-2 golang-mau-zeroconfig gotun greybird grilo-plugins home-assistant-cli jabberd julia minder mopidy mopidy-mpd pocillo-gtk-theme pop-gtk-theme pragha python-snakemake-executor-plugin-slurm qownnotes rhythmbox rhythmbox-alternative-toolbar rhythmbox-ampache rubygem-uuid rust-varlink-cli rust-varlink_generator rust-varlink_stdinterfaces slurm totem vim-syntastic warble wingpanel wingpanel-indicator-a11y wingpanel-indicator-bluetooth wingpanel-indicator-datetime wingpanel-indicator-keyboard Packages depending on packages orphaned (rawhide) for more than 6 weeks (0): Non-leaf golang library packages (rawhide) (4): golang-github-andreyvit-diff golang-github-burntsushi-toml golang-github-sergi-diff golang-gopkg-alecthomas-kingpin-2 -- The script creating this output is run and developed by Fedora Release Engineering. Please report issues at its pagure instance: https://pagure.io/releng/ The sources of this script can be found at: https://pagure.io/releng/blob/main/f/scripts/find_unblocked_orphans.py Report finished at 2026-05-03 22:04:33 UTC -- _______________________________________________ devel-announce mailing list -- devel-announce@lists.fedoraproject.org To unsubscribe send an email to devel-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel-announce@lists.fedoraproject.org Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
Saturday, May 2, 2026
FreeBSD Errata Notice FreeBSD-EN-26:12.freebsd-update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-26:12.freebsd-update Errata Notice The FreeBSD Project Topic: Source inconsistency between freebsd-update, EN/SAs, and git Category: core Module: freebsd-update Announced: 2026-05-01 Affects: All supported versions of FreeBSD. Corrected: 2026-05-01 15:08:47 UTC (releng/15.0, 15.0-RELEASE-p8) 2026-05-01 15:08:38 UTC (releng/14.4, 14.4-RELEASE-p4) 2026-05-01 15:08:31 UTC (releng/14.3, 14.3-RELEASE-p13) 2026-05-01 15:08:20 UTC (releng/13.5, 13.5-RELEASE-p14) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. Note: While FreeBSD 13.5 is end of life (EOL) as of May 1st, 2026, the Security Team has decided to patch this issue as it was identified and a fix was in-flight before the EOL date. I. Background The FreeBSD Security Team distributes patches for supported releases via the git version control system, as patches link through errata and advisories, and through the freebsd-update binary update system. Both freebsd-update and the errata/advisories do not directly use the authoritative git repo but instead rely on individual patch files. II. Problem Description Due to the manual nature of patch file development and management, there are instances where either a freebsd-update maintained machine or a patched source tree from errata/advisories have become out of sync with the authoritative git repository. Specifically, an earlier version of the patch associated with SA-26:11.amd64 was distributed via freebsd-update. The source patch linked in the advisory and the source in git were both correct. Additionally, patches distributed via freebsd-update and errata/advisories are occasionally missing test or non-material ancillary files to minimize patch size and improve compatibility across releases, causing an additional source of drift from the authoritative git repository. Pkgbase is unaffected as it directly builds from the authoritative git repository. III. Impact As a result of this drift, the FreeBSD Security Team has changed the freebsd-update build mechanism to retrieve source directly from the authoritative git repository. This has caused a binary update to rectify the SA-26:11.amd64 issue as well as alter a few additional files, such as test infrastructure and ancillary tooling files, that have been updated in git but were not distributed via freebsd-update. IV. Workaround No workaround is available. Systems using pkgbase or building directly from source obtained from the authoritative git repository are unaffected. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date and reboot the system. Perform one of the following: 1) If your system is installed from base system packages: No update is needed as pkgbase is not affected by this issue. 2) To update your system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, which were not installed using base system packages, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a system update" 3) To update your system via a source code patch: The following patches are only intended to be used for source trees that have been maintained with patches linked by previous EN/SAs. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 15.0] # fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-150.patch # fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-150.patch.asc # gpg --verify ensa-150.patch.asc [FreeBSD 14.4] # fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-144.patch # fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-144.patch.asc # gpg --verify ensa-144.patch.asc [FreeBSD 14.3] # fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-143.patch # fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-143.patch.asc # gpg --verify ensa-143.patch.asc [FreeBSD 13.5] # fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-135.patch # fetch https://security.FreeBSD.org/patches/EN-26:12/ensa-135.patch.asc # gpg --verify ensa-135.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- releng/15.0/ 53054229dcb3 releng/15.0-n281036 releng/14.4/ 49be56ed6fea releng/14.4-n273700 releng/14.3/ 4f4b48e8a547 releng/14.3-n271500 releng/13.5/ 2e6399fe39b3 releng/13.5-n259222 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat <commit hash> Or visit the following URL, replacing NNNNNN with the hash: <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References <URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270166> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:12.freebsd-update.asc> -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmn0yLQbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvPNYQAIXixMavK1HRNgv1kzms qcAlmg/dd46KZKD7SkgAmlqKfO1wIdpDo5GZhcpKqS0TRorgqi7u9UU8xNsYxyG0 mD00dY1m65Vy5wE56QOYDFGnVgC4ZkP3it0HUGZf2t7H9kWO7LB8w8v41z+V7HKK XRaECq4OyCjeFL9e9C1BdztkFSeVyubN+L2ca8q4S6EWq+4tu9ubTaY+P+Xojy0X 1jX42p31ZYoowHNoNPoC6jfNXrHYg2n7TZ3/kcEwCHlENpoFNT7a87RbijoAlvNP 4Y/IsvlvFdpSjxuyT9chKCPiCaMKkb26Zzng8WPcveeQP1T0f6vV7OFCIl+5RlSM dFAYp3+IgyBfNa2iQ+ANYrVZB6718gBiE3mAweO/3VJDRK0+okxtQoOlonOSOUJd BEQrurf2nVJC0Ihi82C/Yn8lHT6IGgEWQzpLLJH2Y9A5z9IEDNpT7s6l6SwOgVuT 1C16q9IincGwKi8YuL1v3Xr9D71PaFWj9DNVuIVe6j9nAFgqZuIFOTPObDcnfN6t n7hiL2UdOIr9bUxl/H8FQoh5nHeDfbzSn0pF1mvkUMANC1/WSQY3ZVmQHOF5D0yV 9snZZTdsk4eZjhXJUGnLIgBVpYNqwTF7Hm3A0/LF4nbTQm2w78XMj/dIJq7lLliH BHnoS2GbAjlAHemJRTt14Zcm =Baez -----END PGP SIGNATURE-----
Friday, May 1, 2026
[USN-8215-1] .NET vulnerability
========================================================================== Ubuntu Security Notice USN-8215-1 April 28, 2026 dotnet10 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS Summary: .NET could be made to crash or run programs as an administrator. Software Description: - dotnet10: .NET CLI tools and runtime Details: It was discovered that the Microsoft.AspNetCore.DataProtection library in .NET did not properly verify cryptographic signatures under certain conditions. A remote attacker could possibly use this issue to elevate privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 aspnetcore-runtime-10.0 10.0.7-0ubuntu1~25.10.1 dotnet-host-10.0 10.0.7-0ubuntu1~25.10.1 dotnet-hostfxr-10.0 10.0.7-0ubuntu1~25.10.1 dotnet-runtime-10.0 10.0.7-0ubuntu1~25.10.1 dotnet-sdk-10.0 10.0.107-0ubuntu1~25.10.1 dotnet-sdk-aot-10.0 10.0.107-0ubuntu1~25.10.1 dotnet10 10.0.107-10.0.7-0ubuntu1~25.10.1 Ubuntu 24.04 LTS aspnetcore-runtime-10.0 10.0.7-0ubuntu1~24.04.1 dotnet-host-10.0 10.0.7-0ubuntu1~24.04.1 dotnet-hostfxr-10.0 10.0.7-0ubuntu1~24.04.1 dotnet-runtime-10.0 10.0.7-0ubuntu1~24.04.1 dotnet-sdk-10.0 10.0.107-0ubuntu1~24.04.1 dotnet-sdk-aot-10.0 10.0.107-0ubuntu1~24.04.1 dotnet10 10.0.107-10.0.7-0ubuntu1~24.04.1 After a standard system update, it is recommended to rotate the DataProtection key ring. References: https://ubuntu.com/security/notices/USN-8215-1 CVE-2026-40372 Package Information: https://launchpad.net/ubuntu/+source/dotnet10/10.0.107-10.0.7-0ubuntu1~25.10.1 https://launchpad.net/ubuntu/+source/dotnet10/10.0.107-10.0.7-0ubuntu1~24.04.1
FreeBSD Errata Notice FreeBSD-EN-26:11.dhclient
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-26:11.dhclient Errata Notice The FreeBSD Project Topic: dhclient(8) lease validation is too strict Category: core Module: dhclient Announced: 2026-05-01 Affects: All supported versions of FreeBSD. Corrected: 2026-04-30 21:07:00 UTC (stable/15, 15.0-STABLE) 2026-05-01 15:08:46 UTC (releng/15.0, 15.0-RELEASE-p8) 2026-04-30 21:07:11 UTC (stable/14, 14.4-STABLE) 2026-05-01 15:08:37 UTC (releng/14.4, 14.4-RELEASE-p4) 2026-05-01 15:08:30 UTC (releng/14.3, 14.3-RELEASE-p13) 2026-04-30 21:07:24 UTC (stable/13, 13.5-STABLE) 2026-05-01 15:08:19 UTC (releng/13.5, 13.5-RELEASE-p14) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. Note: While FreeBSD 13.5 is end of life (EOL) as of May 1st, 2026, the Security Team has decided to patch this issue as it was identified and a fix was in-flight before the EOL date. I. Background dhclient(8) is the default IPv4 DHCP client used on FreeBSD. It is responsible for contacting DHCP servers on a network segment and for initialising and configuring network interfaces based on received information. When processing a DHCP offer, dhclient passes various parameters provided by the server to dhclient-script(8). DHCP options, as documented in dhcp-options(5), are passed via the environment. II. Problem Description The patch for FreeBSD-SA-26:15.dhclient introduced some validation of the boot file DHCP option to prevent unescaped values from being written to the stored lease file. This validation is overly strict and rejects Windows paths. III. Impact The overly strict validation may cause dhclient(8) to reject valid leases. IV. Workaround No workaround is available. Systems not running dhclient(8) are not affected. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your system installed from base system packages: Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64 platforms, which were installed using base system packages, can be updated via the pkg(8) utility: # pkg upgrade -r FreeBSD-base 2) To update your system installed from binary distribution sets: Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, or the i386 platform on FreeBSD 13, which were not installed using base system packages, can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 3) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-26:11/dhclient.patch # fetch https://security.FreeBSD.org/patches/EN-26:11/dhclient.patch.asc # gpg --verify dhclient.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Restart the applicable daemons, or reboot the system. VI. Correction details This issue is corrected as of the corresponding Git commit hash in the following stable and release branches: Branch/path Hash Revision - ------------------------------------------------------------------------- stable/15/ 252f603d1704 stable/15-n283453 releng/15.0/ dc8762cfb6e2 releng/15.0-n281035 stable/14/ 2f9478ad42c4 stable/14-n274094 releng/14.4/ dfcb69cdb07e releng/14.4-n273699 releng/14.3/ 5bad905eb37f releng/14.3-n271499 stable/13/ b1ece85741db stable/13-n259871 releng/13.5/ b362b6b6c8f2 releng/13.5-n259221 - ------------------------------------------------------------------------- Run the following command to see which files were modified by a particular commit: # git show --stat <commit hash> Or visit the following URL, replacing NNNNNN with the hash: <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> To determine the commit count in a working tree (for comparison against nNNNNNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References <URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=294886> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-26:11.dhclient.asc> -----BEGIN PGP SIGNATURE----- iQJPBAEBCgA5FiEEthUnfoEIffdcgYM7bljekB8AGu8FAmn0xiAbFIAAAAAABAAO bWFudTIsMi41KzEuMTIsMCwzAAoJEG5Y3pAfABrvJnEQAJ8ZYWjGt7iYjMkOZiM1 I7NLl7RygvIWU25ThAOXlA7zPA7LbS23+nca4QlNdvTVkpcfsCrmxhJYY4ymkZh7 QuEVDEp20n02S7362S9kCpmp3NDXQvuCPNt8zRel4ek3u/b8/9KCASL1jN+1eSgR G8ZVWVheRzKgsaYJsDIyX0AjNk41gQk8ASYoWjeIk5F14kFk3ozlfJTrBL2XlOuL J28P47d5lEgU2x04xLSZF9xQrF1I13XZa8pMtogF3aveTXXVzHDJFZIcppu0uQYY tp9uvyQ6NnzNPBXWztVCJ+eRdxS4RLp3Dp3U9/3GrqVuCfG8BO7kE5OhcjO0EPVC lmvXBJLqQnsodEQA0BysAsMxlMcw+n6z0np2DFdFCkyLrPCx3Bm+D/WRLngRcp4s +FBIgoF+ywUXVwLRkVJeCsQJTNzVhneq8rtcfE6LdJoIgW/oOUyNEJTBpgvhXmz6 /pmW47cmNY+CFWCXAL/7fLZVX1dYvEpSn+Iqqs8Efr2OFfQqRXZunJXNXnKuMtfT p82Hl////cHObQSqlI95J5yJmdBzOxlpzHTwSLVTD5SfvAcN3PzN3hRhFFqG8lg5 HV64Fu1xPqLX1mthTw1Sbng5mTUL+MJ5BN26M+UevYZBi02m5nMUyjWH+D4Bn3RS gajZ9Z16VPgdlPsNPihqsx7k =Ro3y -----END PGP SIGNATURE-----