The following Fedora 36 Security updates need testing: Age URL 12 https://bodhi.fedoraproject.org/updates/FEDORA-2022-e99ae504f5 git-2.36.0-1.fc36 6 https://bodhi.fedoraproject.org/updates/FEDORA-2022-0125d9cd29 CuraEngine-4.13.1-2.fc36 6 https://bodhi.fedoraproject.org/updates/FEDORA-2022-59297c8fcd chromium-100.0.4896.127-1.fc36 5 https://bodhi.fedoraproject.org/updates/FEDORA-2022-17787e290f recutils-1.9-1.fc36 4 https://bodhi.fedoraproject.org/updates/FEDORA-2022-e7bc9caf04 suricata-6.0.5-1.fc36 3 https://bodhi.fedoraproject.org/updates/FEDORA-2022-539ff0cd2e mingw-freetype-2.11.1-3.fc36 3 https://bodhi.fedoraproject.org/updates/FEDORA-2022-6ed1ce2838 redis-6.2.7-1.fc36 2 https://bodhi.fedoraproject.org/updates/FEDORA-2022-263f7cc483 galera-26.4.11-1.fc36 mariadb-10.5.15-1.fc36 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-42c08d8bd8 java-1.8.0-openjdk-1.8.0.332.b09-1.fc36 java-11-openjdk-11.0.15.0.10-1.fc36 java-17-openjdk-17.0.3.0.7-1.fc36 java-latest-openjdk-18.0.1.0.10-1.rolling.fc36
The following Fedora 36 Critical Path updates have yet to be approved: Age URL 17 https://bodhi.fedoraproject.org/updates/FEDORA-2022-43488e303c binutils-2.37-27.fc36 15 https://bodhi.fedoraproject.org/updates/FEDORA-2022-14e4bfaa27 libnl3-3.6.0-1.fc36 13 https://bodhi.fedoraproject.org/updates/FEDORA-2022-42003bf3a9 libsolv-0.7.22-1.fc36 12 https://bodhi.fedoraproject.org/updates/FEDORA-2022-e99ae504f5 git-2.36.0-1.fc36 11 https://bodhi.fedoraproject.org/updates/FEDORA-2022-e90643ce61 redhat-rpm-config-217-1.fc36 8 https://bodhi.fedoraproject.org/updates/FEDORA-2022-5d880c3988 thunderbird-91.8.0-2.fc36 5 https://bodhi.fedoraproject.org/updates/FEDORA-2022-e1c4362e53 libtpms-0.9.4-1.20220425gite4d68670e1.fc36 3 https://bodhi.fedoraproject.org/updates/FEDORA-2022-2bd45a5cd8 swtpm-0.7.3-1.20220427gitf2268ee.fc36 3 https://bodhi.fedoraproject.org/updates/FEDORA-2022-47789bbc9d selinux-policy-36.8-1.fc36 2 https://bodhi.fedoraproject.org/updates/FEDORA-2022-25e14ec39a annobin-10.67-1.fc36 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-bb9ed3409a switcheroo-control-2.5-1.fc36 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-4ea3b9664a power-profiles-daemon-0.11-1.fc36
The following builds have been pushed to Fedora 36 updates-testing
ansible-5.7.0-1.fc36 ansible-core-2.12.5-1.fc36 cifs-utils-6.15-1.fc36 crash-8.0.1-1.fc36 fbrnch-1.1-2.fc36 gap-pkg-openmath-11.5.1-1.fc36 gn-1985-3.20220321gitbd99dbf9.fc36 gnome-shell-extension-netspeed-3.32-0.4.20220421git5a96082.fc36 lxqt-globalkeys-1.0.1-1.fc36 mold-1.2.1-1.fc36 nfs-utils-2.6.1-2.rc4.fc36 onedrive-2.4.17-1.fc36 python-dns-lexicon-3.10.0-1.fc36 python-hatch-vcs-0.2.0-2.fc36 python-xds-protos-0.0.11-10.fc36 siril-1.0.1-1.fc36 theme-switcher-2.0.4-10.fc36 variety-0.8.7-1.fc36 vdr-skinnopacity-1.1.10-1.fc36 w3m-0.5.3-55.git20220429.fc36
Details about builds:
================================================================================ ansible-5.7.0-1.fc36 (FEDORA-2022-8ea31b9875) Curated set of Ansible collections included in addition to ansible-core -------------------------------------------------------------------------------- Update Information:
## ansible-core-2.12.5-1 Update to 2.12.5. Fixes rhbz#2078558. Release Notes: h ttps://github.com/ansible/ansible/blob/v2.12.5/changelogs/CHANGELOG-v2.12.rst#v2 -12-5 ## ansible-5.7.0-1 Update to 5.7.0. Release Notes: https://github.com/ansible-community/ansible-build- data/blob/main/5/CHANGELOG-v5.rst#v5-7-0 Porting Guide: https://github.com/ansible-community/ansible-build- data/blob/main/5/porting_guide_5.rst#porting-guide-for-v5-7-0 -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 Maxwell G gotmax@e.email - 5.7.0-1 - Update to 5.7.0. - Fix SyntaxError in fortinet.fortios collection. - Fix rpmlint errors * Mon Apr 25 2022 Maxwell G gotmax@e.email - 5.6.0-2 - Ensure correct version of ansible-core is available at buildtime. - Implement support for epel8. * Wed Apr 6 2022 Kevin Fenzi kevin@scrye.com - 5.6.0-1 - Update to 5.6.0. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2078558 - ansible-core-2.12.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2078558 --------------------------------------------------------------------------------
================================================================================ ansible-core-2.12.5-1.fc36 (FEDORA-2022-8ea31b9875) A radically simple IT automation system -------------------------------------------------------------------------------- Update Information:
## ansible-core-2.12.5-1 Update to 2.12.5. Fixes rhbz#2078558. Release Notes: h ttps://github.com/ansible/ansible/blob/v2.12.5/changelogs/CHANGELOG-v2.12.rst#v2 -12-5 ## ansible-5.7.0-1 Update to 5.7.0. Release Notes: https://github.com/ansible-community/ansible-build- data/blob/main/5/CHANGELOG-v5.rst#v5-7-0 Porting Guide: https://github.com/ansible-community/ansible-build- data/blob/main/5/porting_guide_5.rst#porting-guide-for-v5-7-0 -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 Maxwell G gotmax@e.email - 2.12.5-1 - Update to 2.12.5. Fixes rhbz#2078558. * Sat Apr 2 2022 Maxwell G gotmax@e.email - 2.12.4-1 - Update to 2.12.4. Fixes rhbz#2069384. * Thu Mar 10 2022 Maxwell G gotmax@e.email - 2.12.3-2 - Add patch to fix failing tests and FTBFS with Pytest 7. - Resolves: rhbz#2059937 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2078558 - ansible-core-2.12.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2078558 --------------------------------------------------------------------------------
================================================================================ cifs-utils-6.15-1.fc36 (FEDORA-2022-eb2d3ca94d) Utilities for mounting and managing CIFS mounts -------------------------------------------------------------------------------- Update Information:
This is a security release to address the following bugs: - CVE-2022-27239: mount.cifs: fix length check for ip option parsing - CVE-2022-29869: mount.cifs: fix verbose messages on option parsing Description CVE-2022-27239: In cifs- utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. CVE-2022-29869: cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. Both issues were originally reported and fixed by Jeffrey Bencteux. -------------------------------------------------------------------------------- ChangeLog:
* Sat Apr 30 2022 Alexander Bokovoy abokovoy@redhat.com - 6.15-1 - Upstream release 6.15 - CVE-2022-27239: mount.cifs: fix length check for ip option parsing - CVE-2022-29869: mount.cifs: fix verbose messages on option parsing - Fixes: rhbz#2080525 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2080525 - cifs-utils-6.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=2080525 --------------------------------------------------------------------------------
================================================================================ crash-8.0.1-1.fc36 (FEDORA-2022-f770ab78d3) Kernel analysis utility for live systems, netdump, diskdump, kdump, LKCD or mcore dumpfiles -------------------------------------------------------------------------------- Update Information:
Rebase to upstream crash 8.0.1. -------------------------------------------------------------------------------- ChangeLog:
* Sun May 1 2022 Lianbo Jiang lijiang@redhat.com - 8.0.1-1 - Rebase to upstream crash 8.0.1 --------------------------------------------------------------------------------
================================================================================ fbrnch-1.1-2.fc36 (FEDORA-2022-4fb9c68b5b) Fedora packager tool to build package branches -------------------------------------------------------------------------------- Update Information:
https://hackage.haskell.org/package/fbrnch-1.1/changelog -------------------------------------------------------------------------------- ChangeLog:
* Sat Apr 30 2022 Jens Petersen petersen@redhat.com - 1.1-2 - https://hackage.haskell.org/package/fbrnch-1.1/changelog --------------------------------------------------------------------------------
================================================================================ gap-pkg-openmath-11.5.1-1.fc36 (FEDORA-2022-a1936349fc) Import and export of OpenMath objects for GAP -------------------------------------------------------------------------------- Update Information:
Changes in version 11.5.1: - Change some URLs from http to https - Update URLs in the bibliography - Documentation updates -------------------------------------------------------------------------------- ChangeLog:
* Sat Apr 30 2022 Jerry James loganjerry@gmail.com - 11.5.1-1 - Version 11.5.1 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2080552 - gap-pkg-openmath-11.5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2080552 --------------------------------------------------------------------------------
================================================================================ gn-1985-3.20220321gitbd99dbf9.fc36 (FEDORA-2022-cb54a74655) Meta-build system that generates build files for Ninja -------------------------------------------------------------------------------- Update Information:
Improve handling of bundled ICU components -------------------------------------------------------------------------------- ChangeLog:
* Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 1985-3.20220321gitbd99dbf9 - Improve handling of bundled ICU components * Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 1985-2.20220321gitbd99dbf9 - Stop numbering patches --------------------------------------------------------------------------------
================================================================================ gnome-shell-extension-netspeed-3.32-0.4.20220421git5a96082.fc36 (FEDORA-2022-3082acc458) A gnome-shell extension to show speed of the internet -------------------------------------------------------------------------------- Update Information:
Update to 3.32-0.4.20220421git5a96082 -------------------------------------------------------------------------------- ChangeLog:
* Sun May 1 2022 Martin Gansser martinkg@fedoraproject.org - 3.32-0.4.20220421git5a96082 - Update to 3.32-0.4.20220421git5a96082 --------------------------------------------------------------------------------
================================================================================ lxqt-globalkeys-1.0.1-1.fc36 (FEDORA-2022-7adf7cf0e9) Global keys utility for LXQt desktop suite -------------------------------------------------------------------------------- Update Information:
Update to 1.0.1 to fix bug 2036058 -------------------------------------------------------------------------------- ChangeLog:
* Sun May 1 2022 Zamir SUN sztsian@gmail.com - 1.0.1-1 - Update to 1.0.1 --------------------------------------------------------------------------------
================================================================================ mold-1.2.1-1.fc36 (FEDORA-2022-4091049195) A Modern Linker -------------------------------------------------------------------------------- Update Information:
Bump version to 1.2.1 -------------------------------------------------------------------------------- ChangeLog:
* Sat Apr 30 2022 Christoph Erhardt fedora@sicherha.de - 1.2.1-1 - Bump version to 1.2.1 - Drop upstreamed patch - Add support for 32-bit x86 and Arm * Sat Apr 16 2022 Christoph Erhardt fedora@sicherha.de - 1.2-1 - Bump version to 1.2 - Drop upstreamed patches - Set correct version of bundled tbb - Suppress 'comparison between signed and unsigned' warnings -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2080023 - mold-1.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2080023 --------------------------------------------------------------------------------
================================================================================ nfs-utils-2.6.1-2.rc4.fc36 (FEDORA-2022-b60800de8a) NFS utilities and supporting clients and daemons for the kernel NFS server -------------------------------------------------------------------------------- Update Information:
nfsrahead: Stop being killed by SIGSEGV -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 28 2022 Steve Dickson steved@redhat.com 2.6.1-2.rc4 - nfsrahead: Stop being killed by SIGSEGV (bz 2078147) * Wed Apr 20 2022 Steve Dickson steved@redhat.com 2.6.1-1.rc4 - Updated to the latest RC release: nfs-utils-2-6-2-rc4 (bz 2022136) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2078147 - [abrt] nfs-utils: dev_from_arg(): nfsrahead killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=2078147 --------------------------------------------------------------------------------
================================================================================ onedrive-2.4.17-1.fc36 (FEDORA-2022-29651bb842) OneDrive Free Client written in D -------------------------------------------------------------------------------- Update Information:
Update to 2.4.17 (#2080550) -------------------------------------------------------------------------------- ChangeLog:
* Sat Apr 30 2022 Fedora Release Monitoring release-monitoring@fedoraproject.org - 2.4.17-1 - Update to 2.4.17 (#2080550) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2080550 - onedrive-2.4.17 is available https://bugzilla.redhat.com/show_bug.cgi?id=2080550 --------------------------------------------------------------------------------
================================================================================ python-dns-lexicon-3.10.0-1.fc36 (FEDORA-2022-4facc949f9) Manipulate DNS records on various DNS providers in a standardized/agnostic way -------------------------------------------------------------------------------- Update Information:
Update to 3.10.0 ---- Add gransy and ddns extra packages -------------------------------------------------------------------------------- ChangeLog:
* Sun May 1 2022 Christian Schuermann spike@fedoraproject.org 3.10.0-1 - Update to 3.10.0 * Thu Apr 28 2022 Christian Schuermann spike@fedoraproject.org 3.9.5-3 - Add "tests" conditional to make tests optional on EPEL - Ensure that BuildRequires resolve correctly and only relevant tests run when building without extras * Tue Apr 26 2022 Christian Schuermann spike@fedoraproject.org 3.9.5-2 - Reenable tests for GoDady, Transip, Namecheap and NamecheapManaged providers - Add gransy and ddns extra packages - Remove explicit BuildRequires (handled by the pyproject_buildrequires macro) - Remove explicit extra package Requires (handled by automatic dependency generator) - Remove unused rhel7 macro * Tue Apr 19 2022 Christian Schuermann spike@fedoraproject.org 3.9.5-1 - update to 3.9.5 --------------------------------------------------------------------------------
================================================================================ python-hatch-vcs-0.2.0-2.fc36 (FEDORA-2022-f3ae4dbd0c) Hatch plugin for versioning with your preferred VCS -------------------------------------------------------------------------------- Update Information:
Initial package -------------------------------------------------------------------------------- ChangeLog:
* Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 0.2.0-2 - Adjust for pyproject-rpm-macros >= 1.1.0 * Fri Apr 22 2022 Benjamin A. Beasley code@musicinmybrain.net 0.2.0-1 - Initial package (close RHBZ#2077832) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2077832 - Review Request: python-hatch-vcs - Hatch plugin for versioning with your preferred VCS https://bugzilla.redhat.com/show_bug.cgi?id=2077832 --------------------------------------------------------------------------------
================================================================================ python-xds-protos-0.0.11-10.fc36 (FEDORA-2022-4c385bd226) ProtoBuf generated Python files for xDS protos -------------------------------------------------------------------------------- Update Information:
Rebuild for python-googleapis-common-protos 1.56.0 -------------------------------------------------------------------------------- ChangeLog:
* Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 0.0.11-10 - Fix release number * Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 0.0.11-1 - Drop ���forge��� macros since they do not simplify matters here * Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 0.0.11^20210907gitv1.40.0-2 - Rebuild for googleapis-common-protos 1.56 * Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 0.0.11^20210907gitv1.40.0-1 - Modernize snapshot versioning * Sun May 1 2022 Benjamin A. Beasley code@musicinmybrain.net 0.0.11-10 - Bump min unbundled opentelemetry-proto version --------------------------------------------------------------------------------
================================================================================ siril-1.0.1-1.fc36 (FEDORA-2022-7f841e2d0d) Astronomical image processing software -------------------------------------------------------------------------------- Update Information:
Bugfix release. -------------------------------------------------------------------------------- ChangeLog:
* Sun May 1 2022 Mattia Verga mattia.verga@protonmail.com 1.0.1-1 - Update to bugfix release 1.0.1 --------------------------------------------------------------------------------
================================================================================ theme-switcher-2.0.4-10.fc36 (FEDORA-2022-c7cf4b732c) Switch dark/light GTK theme automatically during day/night -------------------------------------------------------------------------------- Update Information:
build: Add dep gnome-terminal | GH#13 -------------------------------------------------------------------------------- ChangeLog:
* Sun May 1 2022 Artem Polishchuk ego.cordatus@gmail.com - 2.0.4-10 - build: Add dep gnome-terminal | GH#13 --------------------------------------------------------------------------------
================================================================================ variety-0.8.7-1.fc36 (FEDORA-2022-2b6f62781d) Wallpaper changer that automatically downloads wallpapers -------------------------------------------------------------------------------- Update Information:
Update to 0.8.7-1 ---- Update to 0.8.6-1 -------------------------------------------------------------------------------- ChangeLog:
* Sun May 1 2022 Martin Gansser martinkg@fedoraproject.org - 0.8.7-1 - Update to 0.8.7 * Tue Apr 26 2022 Martin Gansser martinkg@fedoraproject.org - 0.8.6-1 - Update to 0.8.6 --------------------------------------------------------------------------------
================================================================================ vdr-skinnopacity-1.1.10-1.fc36 (FEDORA-2022-7dea8e4388) A highly customizable native true color skin for the Video Disc Recorder -------------------------------------------------------------------------------- Update Information:
Update to 1.1.10-1 -------------------------------------------------------------------------------- ChangeLog:
* Sun May 1 2022 Martin Gansser martinkg@fedoraproject.org - 1.1.10-1 - Update to 1.1.10 --------------------------------------------------------------------------------
================================================================================ w3m-0.5.3-55.git20220429.fc36 (FEDORA-2022-0e885a50f0) Pager with Web browsing abilities -------------------------------------------------------------------------------- Update Information:
# w3m 0.5.3+git20220429 ## New features - Support kitty's APC G graphics protocol with ImageMagick's `convert` - Support iTerm2's OSC 1337 graphics protocol - New option inline_img_protocol to select the graphics protocol (0: w3m-img, 1: OSC 5379, 2: sixel, 3: OSC 1337, 4: APC G) - New option `ssl_cipher` to specify TLSv1.2 ciphers, e.g. `DEFAULT:@SECLEVEL=2` - New option `ssl_min_version` for OpenSSL 1.1 - New option `-insecure` to use insecure SSL config options - New option `ssl_ca_default`, explicitly use OpenSSL default paths by default - New option `cross_origin_referer`, use origin only Referer when cross origin - New option `localhost_only `to restrict connections only to localhost - New option `disable_center` to disable center alignment - Support brotli content encoding - Ignore the `-` option to accept `w3m -` as "read from stdin" - New `configure` option `--with-cafile` to detect CA bundle file - Support auto-detection for `configure --with-migemo` - Add fuzzer for OSS-Fuzz - Add Italian translation - Add Swedish translation ## Bug fixes - Prevent index overflow and huge allocation due to Str, libwc, and table - Prevent integer overflow due to fontstat - Prevent StrStream memory leak - Prevent GC warnings of repeated allocation - Prevent buffer overflow in shiftAnchorPosition - Prevent buffer overflow READ when parsing Gopher URLs - Prevent buffer overflow in gotoLine and gotoRealLine - Prevent warnings when `-Wnull- dereference`, enabled by default - Prevent warnings when `-Wall`, enabled by default - Prevent warnings from `cppcheck` - Avoid zero length arrays even when GCC - Fix fail to render over 32767 lines in a table cell - Disable `<section>` behaves as `<hr>` - Disable TLSv1.0 and TLSv1.1 by default - Mention a workaround for SSL error - Fix manipulation of `ASN1_STRING` - Don't include username in Referer - Don't set Referer when data URI scheme - Fix broken anchor with link number at EOL - Fix incorrect query string for `w3mman 7z` - Drop `imlib2-config`, use `pkg-config` - Improve named character references - Improve `<dl>` rendering - Prefer Imlib2 over GTK2 by default - Replace encodeB with `base64_encode` to encode null bytes - Wording fixes for `configure --help` -------------------------------------------------------------------------------- ChangeLog:
* Sun May 1 2022 Robert Scheck robert@fedoraproject.org - 0.5.3-55.git20220429 - Rebase to latest upstream gitrev 20220429 (#2080136) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2080136 - w3m-0.5.3+git20220429 is available https://bugzilla.redhat.com/show_bug.cgi?id=2080136 --------------------------------------------------------------------------------