The following Fedora 35 Security updates need testing: Age URL 86 https://bodhi.fedoraproject.org/updates/FEDORA-2022-2e85e6cfc9 libdxfrw-1.0.1-3.fc35 librecad-2.2.0-0.13.rc3.fc35 78 https://bodhi.fedoraproject.org/updates/FEDORA-2022-dfc6924a11 mysql-connector-java-8.0.28-1.fc35 10 https://bodhi.fedoraproject.org/updates/FEDORA-2022-3759ebabd2 git-2.35.3-1.fc35 6 https://bodhi.fedoraproject.org/updates/FEDORA-2022-bc606b86f4 CuraEngine-4.13.1-2.fc35 6 https://bodhi.fedoraproject.org/updates/FEDORA-2022-0f14e2308e chromium-100.0.4896.127-1.fc35 5 https://bodhi.fedoraproject.org/updates/FEDORA-2022-a3e03a200b freerdp-2.7.0-1.fc35 5 https://bodhi.fedoraproject.org/updates/FEDORA-2022-4e6bd7ca62 recutils-1.9-1.fc35 4 https://bodhi.fedoraproject.org/updates/FEDORA-2022-1b9f9b2993 suricata-6.0.5-1.fc35 3 https://bodhi.fedoraproject.org/updates/FEDORA-2022-8cf0124add ruby-3.0.4-153.fc35 3 https://bodhi.fedoraproject.org/updates/FEDORA-2022-0985b0cb9f mingw-freetype-2.11.0-2.fc35 3 https://bodhi.fedoraproject.org/updates/FEDORA-2022-44373f6778 redis-6.2.7-1.fc35 3 https://bodhi.fedoraproject.org/updates/FEDORA-2022-411f088574 curl-7.79.1-2.fc35 2 https://bodhi.fedoraproject.org/updates/FEDORA-2022-03350936ee galera-26.4.11-1.fc35 mariadb-10.5.15-1.fc35 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-5a2e1ad72b java-1.8.0-openjdk-1.8.0.332.b09-1.fc35 java-11-openjdk-11.0.15.0.10-1.fc35 java-17-openjdk-17.0.3.0.7-1.fc35 java-latest-openjdk-18.0.1.0.10-1.rolling.fc35
The following Fedora 35 Critical Path updates have yet to be approved: Age URL 40 https://bodhi.fedoraproject.org/updates/FEDORA-2022-925ac7bfff gnome-shell-41.5-1.fc35 mutter-41.5-1.fc35 18 https://bodhi.fedoraproject.org/updates/FEDORA-2022-59b61235bf binutils-2.37-17.fc35 10 https://bodhi.fedoraproject.org/updates/FEDORA-2022-3759ebabd2 git-2.35.3-1.fc35 9 https://bodhi.fedoraproject.org/updates/FEDORA-2022-fff31008f6 langtable-0.0.58-1.fc35 8 https://bodhi.fedoraproject.org/updates/FEDORA-2022-fd04a43eb1 rtkit-0.11-30.fc35 6 https://bodhi.fedoraproject.org/updates/FEDORA-2022-15778e49e1 libhandy-1.4.1-1.fc35 6 https://bodhi.fedoraproject.org/updates/FEDORA-2022-13c66e33b1 inih-55-1.fc35 5 https://bodhi.fedoraproject.org/updates/FEDORA-2022-bdfcd4f5d3 libtpms-0.9.4-0.20220425gite4d68670e1.fc35.0 5 https://bodhi.fedoraproject.org/updates/FEDORA-2022-0c44eb0df4 python-rpmautospec-0.2.6-1.fc35 5 https://bodhi.fedoraproject.org/updates/FEDORA-2022-a3e03a200b freerdp-2.7.0-1.fc35 4 https://bodhi.fedoraproject.org/updates/FEDORA-2022-e4a46d0bd0 livecd-tools-30.0-1.fc35 4 https://bodhi.fedoraproject.org/updates/FEDORA-2022-e3046139e5 gnutls-3.7.4-1.fc35 3 https://bodhi.fedoraproject.org/updates/FEDORA-2022-411f088574 curl-7.79.1-2.fc35 2 https://bodhi.fedoraproject.org/updates/FEDORA-2022-916eaaeb7b kernel-5.17.5-200.fc35 2 https://bodhi.fedoraproject.org/updates/FEDORA-2022-0ab93ad2ab python-requests-2.27.1-2.fc35 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-2c74c0c111 vim-8.2.4845-1.fc35 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-01079468a3 systemd-249.12-3.fc35
The following builds have been pushed to Fedora 35 updates-testing
cifs-utils-6.15-1.fc35 fbrnch-1.1-2.fc35 fcft-3.1.1-1.fc35 gn-1938-10.20210927git0153d369.fc35 gnome-shell-extension-netspeed-3.32-0.4.20220421git5a96082.fc35 golang-github-evanw-esbuild-0.14.38-1.fc35 lxqt-globalkeys-0.17.0-2.fc35 mold-1.2.1-1.fc35 onedrive-2.4.17-1.fc35 python-dns-lexicon-3.10.0-1.fc35 python-xds-protos-0.0.11-10.fc35 theme-switcher-2.0.4-10.fc35 variety-0.8.7-1.fc35 vdr-skinnopacity-1.1.10-1.fc35 w3m-0.5.3-55.git20220429.fc35
Details about builds:
================================================================================ cifs-utils-6.15-1.fc35 (FEDORA-2022-7fda04ab5a) Utilities for mounting and managing CIFS mounts -------------------------------------------------------------------------------- Update Information:
This is a security release to address the following bugs: - CVE-2022-27239: mount.cifs: fix length check for ip option parsing - CVE-2022-29869: mount.cifs: fix verbose messages on option parsing Description CVE-2022-27239: In cifs- utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. CVE-2022-29869: cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. Both issues were originally reported and fixed by Jeffrey Bencteux. -------------------------------------------------------------------------------- ChangeLog:
* Sat Apr 30 2022 Alexander Bokovoy abokovoy@redhat.com - 6.15-1 - Upstream release 6.15 - CVE-2022-27239: mount.cifs: fix length check for ip option parsing - CVE-2022-29869: mount.cifs: fix verbose messages on option parsing - Fixes: rhbz#2080525 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2080525 - cifs-utils-6.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=2080525 --------------------------------------------------------------------------------
================================================================================ fbrnch-1.1-2.fc35 (FEDORA-2022-ee4531591e) Fedora packager tool to build package branches -------------------------------------------------------------------------------- Update Information:
https://hackage.haskell.org/package/fbrnch-1.1/changelog -------------------------------------------------------------------------------- ChangeLog:
* Sat Apr 30 2022 Jens Petersen petersen@redhat.com - 1.1-2 - https://hackage.haskell.org/package/fbrnch-1.1/changelog --------------------------------------------------------------------------------
================================================================================ fcft-3.1.1-1.fc35 (FEDORA-2022-831463eb16) Simple library for font loading and glyph rasterization -------------------------------------------------------------------------------- Update Information:
Update to 3.1.1 (#2080746) -------------------------------------------------------------------------------- ChangeLog:
* Sun May 1 2022 Aleksei Bavshin alebastr@fedoraproject.org - 3.1.1-1 - Update to 3.1.1 (#2080746) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2080746 - fcft-3.1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2080746 --------------------------------------------------------------------------------
================================================================================ gn-1938-10.20210927git0153d369.fc35 (FEDORA-2022-ad676341b3) Meta-build system that generates build files for Ninja -------------------------------------------------------------------------------- Update Information:
Improve handling of bundled ICU components -------------------------------------------------------------------------------- ChangeLog:
* Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 1938-10.20210927git0153d369 - Improve handling of bundled ICU components * Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 1938-9.20210927git0153d369 - Stop numbering patches * Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 1938-8.20210927git0153d369 - BR emacs-common for RPM macros * Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 1938-7.20210927git0153d369 - Drop even the emacs-nox BR * Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 1938-6.20210927git0153d369 - BR emacs-nox instead of full emacs * Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 1938-5.20210927git0153d369 - Drop BR on python3, redundant with python3-devel * Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 1938-4.20210927git0153d369 - Use %python3 macro instead of %__python3 --------------------------------------------------------------------------------
================================================================================ gnome-shell-extension-netspeed-3.32-0.4.20220421git5a96082.fc35 (FEDORA-2022-b5b39ef74f) A gnome-shell extension to show speed of the internet -------------------------------------------------------------------------------- Update Information:
Update to 3.32-0.4.20220421git5a96082 -------------------------------------------------------------------------------- ChangeLog:
* Sun May 1 2022 Martin Gansser martinkg@fedoraproject.org - 3.32-0.4.20220421git5a96082 - Update to 3.32-0.4.20220421git5a96082 * Fri Mar 25 2022 Martin Gansser martinkg@fedoraproject.org - 3.32-0.3.20211102git8638073 - Add gnome 42 Support * Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 3.32-0.2.20211102git8638073 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ golang-github-evanw-esbuild-0.14.38-1.fc35 (FEDORA-2022-583c789a0d) Fast JavaScript bundler and minifier -------------------------------------------------------------------------------- Update Information:
Update to 0.14.38 -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 26 2022 Onuralp SEZER thunderbirdtr@fedoraproject.org - 0.14.38-1 - Update to 0.14.38 * Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 0.8.32-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ lxqt-globalkeys-0.17.0-2.fc35 (FEDORA-2022-4bb60a6cbb) Global keys utility for LXQt desktop suite -------------------------------------------------------------------------------- Update Information:
Backported a fix so the daemon can start reliably. -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 19 2022 Bj��rn Persson <Bjorn@Rombobj��rn.se> - 0.17.0-2 - Backported a fix so the daemon can start reliably. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2036058 - lxqt-globalkeys not running https://bugzilla.redhat.com/show_bug.cgi?id=2036058 --------------------------------------------------------------------------------
================================================================================ mold-1.2.1-1.fc35 (FEDORA-2022-d2ca9d6a93) A Modern Linker -------------------------------------------------------------------------------- Update Information:
Bump version to 1.2.1 -------------------------------------------------------------------------------- ChangeLog:
* Sat Apr 30 2022 Christoph Erhardt fedora@sicherha.de - 1.2.1-1 - Bump version to 1.2.1 - Drop upstreamed patch - Add support for 32-bit x86 and Arm -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2080023 - mold-1.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2080023 --------------------------------------------------------------------------------
================================================================================ onedrive-2.4.17-1.fc35 (FEDORA-2022-344fc319cd) OneDrive Free Client written in D -------------------------------------------------------------------------------- Update Information:
Update to 2.4.17 (#2080550) -------------------------------------------------------------------------------- ChangeLog:
* Sat Apr 30 2022 Fedora Release Monitoring release-monitoring@fedoraproject.org - 2.4.17-1 - Update to 2.4.17 (#2080550) --------------------------------------------------------------------------------
================================================================================ python-dns-lexicon-3.10.0-1.fc35 (FEDORA-2022-b704cc7e03) Manipulate DNS records on various DNS providers in a standardized/agnostic way -------------------------------------------------------------------------------- Update Information:
Update to 3.10.0 ---- Add gransy and ddns extra packages -------------------------------------------------------------------------------- ChangeLog:
* Sun May 1 2022 Christian Schuermann spike@fedoraproject.org 3.10.0-1 - Update to 3.10.0 * Thu Apr 28 2022 Christian Schuermann spike@fedoraproject.org 3.9.5-3 - Add "tests" conditional to make tests optional on EPEL - Ensure that BuildRequires resolve correctly and only relevant tests run when building without extras * Tue Apr 26 2022 Christian Schuermann spike@fedoraproject.org 3.9.5-2 - Reenable tests for GoDady, Transip, Namecheap and NamecheapManaged providers - Add gransy and ddns extra packages - Remove explicit BuildRequires (handled by the pyproject_buildrequires macro) - Remove explicit extra package Requires (handled by automatic dependency generator) - Remove unused rhel7 macro * Tue Apr 19 2022 Christian Schuermann spike@fedoraproject.org 3.9.5-1 - update to 3.9.5 --------------------------------------------------------------------------------
================================================================================ python-xds-protos-0.0.11-10.fc35 (FEDORA-2022-918663d2a3) ProtoBuf generated Python files for xDS protos -------------------------------------------------------------------------------- Update Information:
Rebuild for python-googleapis-common-protos 1.56.0 -------------------------------------------------------------------------------- ChangeLog:
* Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 0.0.11-10 - Fix release number * Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 0.0.11-1 - Drop ���forge��� macros since they do not simplify matters here * Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 0.0.11^20210907gitv1.40.0-2 - Rebuild for googleapis-common-protos 1.56 * Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 0.0.11^20210907gitv1.40.0-1 - Modernize snapshot versioning * Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 0.0.11-5 - Use %python3 macro instead of %__python3 * Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 0.0.11-4 - Update a comment about bootstrapping in the spec file * Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 0.0.11-3 - Reduce macro indirection in the spec file --------------------------------------------------------------------------------
================================================================================ theme-switcher-2.0.4-10.fc35 (FEDORA-2022-5549473422) Switch dark/light GTK theme automatically during day/night -------------------------------------------------------------------------------- Update Information:
build: Add dep gnome-terminal | GH#13 -------------------------------------------------------------------------------- ChangeLog:
* Sun May 1 2022 Artem Polishchuk ego.cordatus@gmail.com - 2.0.4-10 - build: Add dep gnome-terminal | GH#13 * Sat Jan 22 2022 Fedora Release Engineering releng@fedoraproject.org - 2.0.4-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ variety-0.8.7-1.fc35 (FEDORA-2022-79b39c4c25) Wallpaper changer that automatically downloads wallpapers -------------------------------------------------------------------------------- Update Information:
Update to 0.8.7-1 ---- Update to 0.8.6-1 -------------------------------------------------------------------------------- ChangeLog:
* Sun May 1 2022 Martin Gansser martinkg@fedoraproject.org - 0.8.7-1 - Update to 0.8.7 * Tue Apr 26 2022 Martin Gansser martinkg@fedoraproject.org - 0.8.6-1 - Update to 0.8.6 * Sat Mar 26 2022 Martin Gansser martinkg@fedoraproject.org - 0.8.5-8 - Add Add_Dark_Wallpaper_Support_for_Gnome42.patch * Sat Jan 22 2022 Fedora Release Engineering releng@fedoraproject.org - 0.8.5-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ vdr-skinnopacity-1.1.10-1.fc35 (FEDORA-2022-6c63561239) A highly customizable native true color skin for the Video Disc Recorder -------------------------------------------------------------------------------- Update Information:
Update to 1.1.10-1 -------------------------------------------------------------------------------- ChangeLog:
* Sun May 1 2022 Martin Gansser martinkg@fedoraproject.org - 1.1.10-1 - Update to 1.1.10 * Sat Feb 5 2022 Martin Gansser martinkg@fedoraproject.org - 1.1.9-4 - Rebuilt for new VDR API version * Sat Jan 22 2022 Fedora Release Engineering releng@fedoraproject.org - 1.1.9-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Thu Dec 30 2021 Martin Gansser martinkg@fedoraproject.org - 1.1.9-2 - Rebuilt for new VDR API version --------------------------------------------------------------------------------
================================================================================ w3m-0.5.3-55.git20220429.fc35 (FEDORA-2022-89f3169c2f) Pager with Web browsing abilities -------------------------------------------------------------------------------- Update Information:
# w3m 0.5.3+git20220429 ## New features - Support kitty's APC G graphics protocol with ImageMagick's `convert` - Support iTerm2's OSC 1337 graphics protocol - New option inline_img_protocol to select the graphics protocol (0: w3m-img, 1: OSC 5379, 2: sixel, 3: OSC 1337, 4: APC G) - New option `ssl_cipher` to specify TLSv1.2 ciphers, e.g. `DEFAULT:@SECLEVEL=2` - New option `ssl_min_version` for OpenSSL 1.1 - New option `-insecure` to use insecure SSL config options - New option `ssl_ca_default`, explicitly use OpenSSL default paths by default - New option `cross_origin_referer`, use origin only Referer when cross origin - New option `localhost_only `to restrict connections only to localhost - New option `disable_center` to disable center alignment - Support brotli content encoding - Ignore the `-` option to accept `w3m -` as "read from stdin" - New `configure` option `--with-cafile` to detect CA bundle file - Support auto-detection for `configure --with-migemo` - Add fuzzer for OSS-Fuzz - Add Italian translation - Add Swedish translation ## Bug fixes - Prevent index overflow and huge allocation due to Str, libwc, and table - Prevent integer overflow due to fontstat - Prevent StrStream memory leak - Prevent GC warnings of repeated allocation - Prevent buffer overflow in shiftAnchorPosition - Prevent buffer overflow READ when parsing Gopher URLs - Prevent buffer overflow in gotoLine and gotoRealLine - Prevent warnings when `-Wnull- dereference`, enabled by default - Prevent warnings when `-Wall`, enabled by default - Prevent warnings from `cppcheck` - Avoid zero length arrays even when GCC - Fix fail to render over 32767 lines in a table cell - Disable `<section>` behaves as `<hr>` - Disable TLSv1.0 and TLSv1.1 by default - Mention a workaround for SSL error - Fix manipulation of `ASN1_STRING` - Don't include username in Referer - Don't set Referer when data URI scheme - Fix broken anchor with link number at EOL - Fix incorrect query string for `w3mman 7z` - Drop `imlib2-config`, use `pkg-config` - Improve named character references - Improve `<dl>` rendering - Prefer Imlib2 over GTK2 by default - Replace encodeB with `base64_encode` to encode null bytes - Wording fixes for `configure --help` -------------------------------------------------------------------------------- ChangeLog:
* Sun May 1 2022 Robert Scheck robert@fedoraproject.org - 0.5.3-55.git20220429 - Rebase to latest upstream gitrev 20220429 (#2080136) * Sat Jan 22 2022 Fedora Release Engineering releng@fedoraproject.org - 0.5.3-54.git20210102 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Tue Sep 14 2021 Sahana Prasad sahana@redhat.com - 0.5.3-53.git20210102 - Rebuilt with OpenSSL 3.0.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2080136 - w3m-0.5.3+git20220429 is available https://bugzilla.redhat.com/show_bug.cgi?id=2080136 --------------------------------------------------------------------------------