The drupal8
package has conflicted with Twig v2 since 8.4.6-2 (Sat Mar 31 2018) -- see https://src.fedoraproject.org/rpms/drupal8/c/2b082882a1b0c5fdce466bd32b7b41bf84235bbc
THANKS @tis! I have fixed the issue and the new release should be available soon.
THANKS @tis! I have fixed the issue and the new release should be available soon.
php-paragonie-random-compat
version constraint has now been removed from php-symfony-security
This update has been unpushed.
This update has been unpushed.
This update has been unpushed.
This update has been unpushed.
Hello muench --
I based the "security" type on the following in the changelog:
2016-07-19 Uwe Tews
{math} shell injection vulnerability patch provided by Tim Weber
2013-09-30
Fixed old vulnerability bug https://bugs.gentoo.org/show_bug.cgi?id=356615
I am curious... what is the use case for this very old version of Smarty?
FYI: I could not find any dependents of this package and have retired it in Fedora 30.
This update has been unpushed.
$ rpm -qp --requires /home/siwinski/rpmbuild/RPMS/noarch/drupal8-8.4.6-3.fc27.noarch.rpm | grep -i symfony | sort
(php-composer(symfony/class-loader) >= 3.2.8 with php-composer(symfony/class-loader) < 4.0.0)
(php-composer(symfony-cmf/routing) >= 1.4 with php-composer(symfony-cmf/routing) < 2.0)
(php-composer(symfony/console) >= 3.2.8 with php-composer(symfony/console) < 4.0.0)
(php-composer(symfony/dependency-injection) >= 3.2.8 with php-composer(symfony/dependency-injection) < 4.0.0)
(php-composer(symfony/event-dispatcher) >= 3.2.8 with php-composer(symfony/event-dispatcher) < 4.0.0)
(php-composer(symfony/http-foundation) >= 3.2.8 with php-composer(symfony/http-foundation) < 4.0.0)
(php-composer(symfony/http-kernel) >= 3.2.8 with php-composer(symfony/http-kernel) < 4.0.0)
(php-composer(symfony/process) >= 3.2.8 with php-composer(symfony/process) < 4.0.0)
(php-composer(symfony/psr-http-message-bridge) >= 1.0 with php-composer(symfony/psr-http-message-bridge) < 2.0)
(php-composer(symfony/routing) >= 3.2.8 with php-composer(symfony/routing) < 4.0.0)
(php-composer(symfony/serializer) >= 3.2.8 with php-composer(symfony/serializer) < 4.0.0)
(php-composer(symfony/translation) >= 3.2.8 with php-composer(symfony/translation) < 4.0.0)
(php-composer(symfony/validator) >= 3.2.8 with php-composer(symfony/validator) < 4.0.0)
(php-composer(symfony/yaml) >= 3.2.8 with php-composer(symfony/yaml) < 4.0.0)
drupal8-8.4.6-3
now uses range dependencies when possible. Also, I finally found that a Symfony Config dependency was missing so that has been added as well.
See https://src.fedoraproject.org/rpms/drupal8/c/dc10ba3d8b6a4839ca7efaaa511d80465dca9a44 for changes
I'm a little lost as to how Symfony 3 is not getting installed as it is listed as a dependency:
$ rpm -qp --requires /home/siwinski/rpmbuild/RPMS/noarch/drupal8-8.4.6-2.fc27.noarch.rpm | grep -i symfony | sort
php-composer(symfony/class-loader) >= 3.2.8
php-composer(symfony/class-loader) < 4.0.0
php-composer(symfony-cmf/routing) >= 1.4
php-composer(symfony-cmf/routing) < 2.0
php-composer(symfony/console) >= 3.2.8
php-composer(symfony/console) < 4.0.0
php-composer(symfony/dependency-injection) >= 3.2.8
php-composer(symfony/dependency-injection) < 4.0.0
php-composer(symfony/event-dispatcher) >= 3.2.8
php-composer(symfony/event-dispatcher) < 4.0.0
php-composer(symfony/http-foundation) >= 3.2.8
php-composer(symfony/http-foundation) < 4.0.0
php-composer(symfony/http-kernel) >= 3.2.8
php-composer(symfony/http-kernel) < 4.0.0
php-composer(symfony/process) >= 3.2.8
php-composer(symfony/process) < 4.0.0
php-composer(symfony/psr-http-message-bridge) >= 1.0
php-composer(symfony/psr-http-message-bridge) < 2.0
php-composer(symfony/routing) >= 3.2.8
php-composer(symfony/routing) < 4.0.0
php-composer(symfony/serializer) >= 3.2.8
php-composer(symfony/serializer) < 4.0.0
php-composer(symfony/translation) >= 3.2.8
php-composer(symfony/translation) < 4.0.0
php-composer(symfony/validator) >= 3.2.8
php-composer(symfony/validator) < 4.0.0
php-composer(symfony/yaml) >= 3.2.8
php-composer(symfony/yaml) < 4.0.0
I'll try modifying the requires to use range dependencies in case it is DNF not installing the correct versions (i.e. just satisfying the "< 4.0.0")
Thanks whoever you are anonymous! Fix in 8.4.6-2
via https://src.fedoraproject.org/rpms/drupal8/c/2b082882a1b0c5fdce466bd32b7b41bf84235bbc?branch=master
Thanks for the update. Can You shed some light on why this is marked a security udpate? Is there some fixed vulnerability? Nothing so far in http://symfony.com/blog/category/security-advisories
I marked it as a security update after a quick review of the changes and the following in 4.0.0-RC1:
This update has been unpushed.
This update has been unpushed.
This update has been unpushed.
This update has been unpushed.
@bellet FEDORA-2022-bf18450366 was submitted for Fedora 35