The following Fedora 35 Security updates need testing: Age URL 83 https://bodhi.fedoraproject.org/updates/FEDORA-2022-2e85e6cfc9 libdxfrw-1.0.1-3.fc35 librecad-2.2.0-0.13.rc3.fc35 75 https://bodhi.fedoraproject.org/updates/FEDORA-2022-dfc6924a11 mysql-connector-java-8.0.28-1.fc35 7 https://bodhi.fedoraproject.org/updates/FEDORA-2022-3759ebabd2 git-2.35.3-1.fc35 6 https://bodhi.fedoraproject.org/updates/FEDORA-2022-c87047f163 podman-3.4.7-1.fc35 5 https://bodhi.fedoraproject.org/updates/FEDORA-2022-ad26447c98 epiphany-41.4-1.fc35 4 https://bodhi.fedoraproject.org/updates/FEDORA-2022-61f6ee6353 usd-21.11-11.fc35 4 https://bodhi.fedoraproject.org/updates/FEDORA-2022-f6e24d96b6 esh-0.3.2-1.fc35 3 https://bodhi.fedoraproject.org/updates/FEDORA-2022-bc606b86f4 CuraEngine-4.13.1-2.fc35 2 https://bodhi.fedoraproject.org/updates/FEDORA-2022-0f14e2308e chromium-100.0.4896.127-1.fc35 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-a3e03a200b freerdp-2.7.0-1.fc35 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-4e6bd7ca62 recutils-1.9-1.fc35 0 https://bodhi.fedoraproject.org/updates/FEDORA-2022-1b9f9b2993 suricata-6.0.5-1.fc35
The following Fedora 35 Critical Path updates have yet to be approved: Age URL 37 https://bodhi.fedoraproject.org/updates/FEDORA-2022-925ac7bfff gnome-shell-41.5-1.fc35 mutter-41.5-1.fc35 14 https://bodhi.fedoraproject.org/updates/FEDORA-2022-59b61235bf binutils-2.37-17.fc35 13 https://bodhi.fedoraproject.org/updates/FEDORA-2022-7c355d4e9b fwupd-efi-1.3-1.fc35 12 https://bodhi.fedoraproject.org/updates/FEDORA-2022-17ba61ca06 libguestfs-1.48.1-1.fc35 7 https://bodhi.fedoraproject.org/updates/FEDORA-2022-3759ebabd2 git-2.35.3-1.fc35 6 https://bodhi.fedoraproject.org/updates/FEDORA-2022-fff31008f6 langtable-0.0.58-1.fc35 4 https://bodhi.fedoraproject.org/updates/FEDORA-2022-fd04a43eb1 rtkit-0.11-30.fc35 3 https://bodhi.fedoraproject.org/updates/FEDORA-2022-15778e49e1 libhandy-1.4.1-1.fc35 3 https://bodhi.fedoraproject.org/updates/FEDORA-2022-54bb9337da annobin-10.66-2.fc35 gcc-11.3.1-2.fc35 3 https://bodhi.fedoraproject.org/updates/FEDORA-2022-13c66e33b1 inih-55-1.fc35 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-bdfcd4f5d3 libtpms-0.9.4-0.20220425gite4d68670e1.fc35.0 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-0c44eb0df4 python-rpmautospec-0.2.6-1.fc35 1 https://bodhi.fedoraproject.org/updates/FEDORA-2022-a3e03a200b freerdp-2.7.0-1.fc35 0 https://bodhi.fedoraproject.org/updates/FEDORA-2022-5c64120636 samba-4.15.7-0.fc35 0 https://bodhi.fedoraproject.org/updates/FEDORA-2022-e4a46d0bd0 livecd-tools-30.0-1.fc35 0 https://bodhi.fedoraproject.org/updates/FEDORA-2022-e3046139e5 gnutls-3.7.4-1.fc35
The following builds have been pushed to Fedora 35 updates-testing
concordance-1.5-1.fc35 disciplining-minipod-3.0.3-1.fc35 fluidsynth-2.2.7-1.fc35 foot-1.12.1-1.fc35 freeipa-4.9.9-1.fc35 jc-1.18.8-1.fc35 kitty-0.25.0-1.fc35 libretro-mgba-0.1.1-0.7.20220211git5d48e0713.fc35 libretro-nestopia-0-0.7.20220410gita9e197f.13.fc35 libretro-prosystem-0-0.8.20220228gitfbf62c313.fc35 libretro-stella2014-0-0.7.20220409git1351a4f.11.fc35 mingw-freetype-2.11.0-2.fc35 oscillatord-3.0.3-1.fc35 pacemaker-2.1.3-0.1.rc1.fc35 perl-libwww-perl-6.64-1.fc35 pyproject-rpm-macros-1.1.0-1.fc35 python-azure-sdk-tools-0.0.0~git.3.6aabfa3-2.fc35 python-sqlalchemy-1.4.36-1.fc35 python-twilio-7.8.2-1.fc35 qownnotes-22.4.2-1.fc35 ruby-3.0.4-153.fc35 rust-coreos-installer-0.14.0-1.fc35 sdrangel-6.20.2-4.fc35 ubloxcfg-1.13-2.20220420gita46d97c.fc35
Details about builds:
================================================================================ concordance-1.5-1.fc35 (FEDORA-2022-e32eb68ac9) Software to program the Logitech Harmony remote control -------------------------------------------------------------------------------- Update Information:
Update to new upstream release 1.5 (#2079624) -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 28 2022 Scott Talbert swt@techie.net - 1.5-1 - Update to new upstream release 1.5 (#2079624) * Wed Jan 19 2022 Fedora Release Engineering releng@fedoraproject.org - 1.4-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2079624 - concordance-1.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2079624 --------------------------------------------------------------------------------
================================================================================ disciplining-minipod-3.0.3-1.fc35 (FEDORA-2022-e7880b5077) Disciplining algorithm for Atomic Reference Time Card -------------------------------------------------------------------------------- Update Information:
Updating oscillatord to 3.0.3 -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 Alexander Bulimov abulimov@fedoraproject.org 3.0.3-1 - Update to v3.0.3 --------------------------------------------------------------------------------
================================================================================ fluidsynth-2.2.7-1.fc35 (FEDORA-2022-581e1b0fad) Real-time software synthesizer -------------------------------------------------------------------------------- Update Information:
Update to version 2.2.7 -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 26 2022 Christoph Karl <pampelmuse [AT] gmx [DOT] at> - 2.2.7-1 - Update to 2.2.7 --------------------------------------------------------------------------------
================================================================================ foot-1.12.1-1.fc35 (FEDORA-2022-8f9003f126) Fast, lightweight and minimalistic Wayland terminal emulator -------------------------------------------------------------------------------- Update Information:
Update to 1.12.1 (#2079544) ---- - Update to 1.12.0 (#2077953) - Example config was moved to /etc/xdg/foot/foot.ini (upstream change) - Install systemd unit files for foot --server -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 28 2022 Aleksei Bavshin alebastr@fedoraproject.org - 1.12.1-1 - Update to 1.12.1 (#2079544) * Fri Apr 22 2022 Aleksei Bavshin alebastr@fedoraproject.org - 1.12.0-1 - Update to 1.12.0 (#2077953) - Example config was moved to /etc/xdg/foot/foot.ini (upstream change) - Install systemd unit files for foot --server -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2077953 - foot-1.12.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2077953 [ 2 ] Bug #2079544 - foot-1.12.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2079544 --------------------------------------------------------------------------------
================================================================================ freeipa-4.9.9-1.fc35 (FEDORA-2022-9a09bf8c22) The Identity, Policy and Audit system -------------------------------------------------------------------------------- Update Information:
FreeIPA 4.9.9 upstream release brings bug fixes. A full list is available in the release notes: https://www.freeipa.org/page/Releases/4.9.9 -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 Alexander Bokovoy abokovoy@redhat.com - 4.9.9-1 - Upstream release FreeIPA 4.9.9 --------------------------------------------------------------------------------
================================================================================ jc-1.18.8-1.fc35 (FEDORA-2022-3b891e52aa) Serialize the output of CLI tools and file-types to structured JSON -------------------------------------------------------------------------------- Update Information:
Update to v1.18.8 ---- Update to v1.18.7 -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 Artur Frenszek-Iwicki fedora@svgames.pl - 1.18.8-1 - Update to v1.18.8 * Tue Apr 26 2022 Artur Frenszek-Iwicki fedora@svgames.pl - 1.18.7-1 - Update to v1.18.7 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2078666 - jc-1.18.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=2078666 [ 2 ] Bug #2079529 - jc-1.18.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=2079529 --------------------------------------------------------------------------------
================================================================================ kitty-0.25.0-1.fc35 (FEDORA-2022-758bb0e439) Cross-platform, fast, feature full, GPU based terminal emulator -------------------------------------------------------------------------------- Update Information:
version 0.25.0 -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 Yaroslav Sidlovsky zawertun@gmail.com - 0.25.0-1 - version 0.25.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2074539 - kitty-0.25.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2074539 --------------------------------------------------------------------------------
================================================================================ libretro-mgba-0.1.1-0.7.20220211git5d48e0713.fc35 (FEDORA-2022-0ef0abc6f1) mGBA Game Boy Advance Emulator -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 Artem Polishchuk ego.cordatus@gmail.com 0.1.1-13 - chore(update): Latest git snapshot * Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 0.1.1-0.8.20210903git70ed83c - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ libretro-nestopia-0-0.7.20220410gita9e197f.13.fc35 (FEDORA-2022-0f1df94ef7) Nestopia emulator with libretro interface -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 Artem Polishchuk ego.cordatus@gmail.com 0-13 - chore(update): Latest git snapshot * Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 0-0.8.20210827gitc24ffe8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ libretro-prosystem-0-0.8.20220228gitfbf62c313.fc35 (FEDORA-2022-4850b936e0) Port of ProSystem to the libretro API -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 Artem Polishchuk ego.cordatus@gmail.com 0-13 - chore(update): Latest git snapshot * Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 0-0.9.20210924gitc95bbb5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ libretro-stella2014-0-0.7.20220409git1351a4f.11.fc35 (FEDORA-2022-ee912e07f8) Port of Stella to libretro -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 Artem Polishchuk ego.cordatus@gmail.com 0-11 - chore(update): Latest git snapshot * Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 0-0.7.20211003git29f648b - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ mingw-freetype-2.11.0-2.fc35 (FEDORA-2022-0985b0cb9f) Free and portable font rendering engine -------------------------------------------------------------------------------- Update Information:
Backport fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406 -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 Sandro Mani manisandro@gmail.com - 2.11.0-2 - Backport fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2079182 - CVE-2022-27406 mingw-freetype: Freetype: Segmentation violation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2079182 [ 2 ] Bug #2079204 - CVE-2022-27404 mingw-freetype: FreeType: Buffer Overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2079204 [ 3 ] Bug #2079256 - CVE-2022-27405 mingw-freetype: FreeType: Segementation Fault [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2079256 --------------------------------------------------------------------------------
================================================================================ oscillatord-3.0.3-1.fc35 (FEDORA-2022-e7880b5077) Daemon for disciplining an oscillator -------------------------------------------------------------------------------- Update Information:
Updating oscillatord to 3.0.3 -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 Alexander Bulimov abulimov@fedoraproject.org 3.0.3-1 - Update to 3.0.3 --------------------------------------------------------------------------------
================================================================================ pacemaker-2.1.3-0.1.rc1.fc35 (FEDORA-2022-d983937dfe) Scalable High-Availability cluster resource manager -------------------------------------------------------------------------------- Update Information:
``` * Mon Apr 25 2022 Klaus Wenninger kwenning@redhat.com - 2.1.3-0.1.rc1 - Update for new upstream tarball for release candidate: Pacemaker-2.1.3-rc1, for full details, see included ChangeLog file or https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.1.3-rc1 - merged in upstream spec-changes - add nsl-support, remove gnu-coverage - removed explicit BuildRequires for glibc-headers again ``` -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 25 2022 Klaus Wenninger kwenning@redhat.com - 2.1.3-0.1.rc1 - Update for new upstream tarball for release candidate: Pacemaker-2.1.3-rc1, for full details, see included ChangeLog file or https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.1.3-rc1 - merged in upstream spec-changes - add nsl-support, remove gnu-coverage - removed explicit BuildRequires for glibc-headers again -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2077997 - pacemaker-2.1.3-rc1 is available https://bugzilla.redhat.com/show_bug.cgi?id=2077997 --------------------------------------------------------------------------------
================================================================================ perl-libwww-perl-6.64-1.fc35 (FEDORA-2022-9425f33f05) A Perl interface to the World-Wide Web -------------------------------------------------------------------------------- Update Information:
Changes: 6.64 2022-04-26 13:16:03Z - Remove unused variable introduced in 9d73bc422 (GH#411) (Olaf Alders) ---- Changes: 6.63 2022-04-25 15:24:10Z - Redirect on meta refresh (GH#409) (grr) -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 Michal Josef ��pa��ek mspacek@redhat.com - 6.64-1 - 6.64 bump * Tue Apr 26 2022 Michal Josef ��pa��ek mspacek@redhat.com - 6.63-1 - 6.63 bump -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2078560 - perl-libwww-perl-6.64 is available https://bugzilla.redhat.com/show_bug.cgi?id=2078560 --------------------------------------------------------------------------------
================================================================================ pyproject-rpm-macros-1.1.0-1.fc35 (FEDORA-2022-49788517c1) RPM macros for PEP 517 Python packages -------------------------------------------------------------------------------- Update Information:
- `%pyproject_save_files`: Support nested directories in dist-info -------------------------------------------------------------------------------- ChangeLog:
* Tue Apr 12 2022 Miro Hron��ok mhroncok@redhat.com - 1.1.0-1 - %pyproject_save_files: Support nested directories in dist-info - Fixes: rhbz#1985340 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1985340 - %pyproject_save_files does not support nested directories in dist-info https://bugzilla.redhat.com/show_bug.cgi?id=1985340 --------------------------------------------------------------------------------
================================================================================ python-azure-sdk-tools-0.0.0~git.3.6aabfa3-2.fc35 (FEDORA-2022-4a055ce0bf) Specific tools for Azure SDK for Python testing -------------------------------------------------------------------------------- Update Information:
Restore the provides for `python3dist(azure-sdk-tools` -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 Major Hayden major@mhtx.net - 0.0.0~git.3.6aabfa3-2 - Add provides for azure-sdk-tools. --------------------------------------------------------------------------------
================================================================================ python-sqlalchemy-1.4.36-1.fc35 (FEDORA-2022-014aee0f03) Modular and flexible ORM library for python -------------------------------------------------------------------------------- Update Information:
This is a bugfix release. The [upstream announcement](https://www.sqlalchemy.or g/blog/2022/04/26/sqlalchemy-1.4.36-released/) summarizes and the [changelog](ht tps://docs.sqlalchemy.org/en/14/changelog/changelog_14.html#change-1.4.36) contains a detailed list of changes in version 1.4.36. -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 Nils Philippsen nils@tiptoe.de - 1.4.36-1 - version 1.4.36 --------------------------------------------------------------------------------
================================================================================ python-twilio-7.8.2-1.fc35 (FEDORA-2022-8bb31ef7f0) Twilio API client and TwiML generator -------------------------------------------------------------------------------- Update Information:
Resolves: rhbz#2072788 python-twilio-7.8.2 is available -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 Paul Wouters paul.wouters@aiven.io - 7.8.2-1 - Resolves: rhbz#2072788 python-twilio-7.8.2 is available -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2072788 - python-twilio-7.8.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2072788 --------------------------------------------------------------------------------
================================================================================ qownnotes-22.4.2-1.fc35 (FEDORA-2022-16a0734107) Plain-text file markdown note taking with Nextcloud integration -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 Artem Polishchuk ego.cordatus@gmail.com 22.4.2-1 - chore(update): 22.4.2 --------------------------------------------------------------------------------
================================================================================ ruby-3.0.4-153.fc35 (FEDORA-2022-8cf0124add) An interpreter of object-oriented scripting language -------------------------------------------------------------------------------- Update Information:
Upgrade to Ruby 3.0.4. -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 V��t Ondruch vondruch@redhat.com - 3.0.4-153 - Fix loading of default gems. Resolves: rhbz#2027099 * Tue Apr 19 2022 V��t Ondruch vondruch@redhat.com - 3.0.4-152 - Upgrade to Ruby 3.0.4. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2025104 - CVE-2021-41817 ruby: Regular expression denial of service vulnerability of Date parsing methods https://bugzilla.redhat.com/show_bug.cgi?id=2025104 [ 2 ] Bug #2026752 - CVE-2021-41816 ruby: buffer overflow in CGI.escape_html https://bugzilla.redhat.com/show_bug.cgi?id=2026752 [ 3 ] Bug #2026757 - CVE-2021-41819 ruby: Cookie prefix spoofing in CGI::Cookie.parse https://bugzilla.redhat.com/show_bug.cgi?id=2026757 [ 4 ] Bug #2075685 - CVE-2022-28738 Ruby: Double free in Regexp compilation https://bugzilla.redhat.com/show_bug.cgi?id=2075685 [ 5 ] Bug #2075687 - CVE-2022-28739 Ruby: Buffer overrun in String-to-Float conversion https://bugzilla.redhat.com/show_bug.cgi?id=2075687 --------------------------------------------------------------------------------
================================================================================ rust-coreos-installer-0.14.0-1.fc35 (FEDORA-2022-b5d122ac00) Installer for Fedora CoreOS and RHEL CoreOS -------------------------------------------------------------------------------- Update Information:
New upstream release; see release notes at https://github.com/coreos/coreos- installer/releases/tag/v0.14.0. -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 Jonathan Lebon jonathan@jlebon.com - 0.14.0-1 - New release --------------------------------------------------------------------------------
================================================================================ sdrangel-6.20.2-4.fc35 (FEDORA-2022-2b642b0697) Software defined radio (SDR) and signal analyzer frontend to various hardware -------------------------------------------------------------------------------- Update Information:
This is an update using distro's optimization flags, not the -march=native. -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 Jaroslav ��karvada jskarvad@redhat.com - 6.20.2-4 - Used distro's optimization flags, not the -march=native * Tue Apr 26 2022 Jaroslav ��karvada jskarvad@redhat.com - 6.20.2-3 - Rebuilt for new uhd Resolves: rhbz#2077805 * Thu Apr 7 2022 Jaroslav ��karvada jskarvad@redhat.com - 6.20.2-2 - Rebuilt for new QT Resolves: rhbz#2071950 * Thu Mar 31 2022 Jaroslav ��karvada jskarvad@redhat.com - 6.20.2-1 - New version Resolves: rhbz#2070713 * Thu Mar 31 2022 Jaroslav ��karvada jskarvad@redhat.com - 6.20.1-2 - Rebuilt for new QT5 Resolves: rhbz#2070663 --------------------------------------------------------------------------------
================================================================================ ubloxcfg-1.13-2.20220420gita46d97c.fc35 (FEDORA-2022-e7880b5077) u-blox 9 positioning receivers configuration library and tool -------------------------------------------------------------------------------- Update Information:
Updating oscillatord to 3.0.3 -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 27 2022 Alexander Bulimov abulimov@fedoraproject.org 1.13-2 - Update to 1.13-1.20220420gita46d97c.el8 --------------------------------------------------------------------------------