The following Fedora 28 Security updates need testing: Age URL 271 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb jgraphx-3.6.0.0-6.fc28 220 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da nodejs-brace-expansion-1.1.11-1.fc28 219 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a nodejs-atob-2.1.1-1.fc28 212 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9dd3f7c013 unrtf-0.21.9-8.fc28 180 https://bodhi.fedoraproject.org/updates/FEDORA-2018-28e9841baf docker-latest-1.13.1-37.git9cb56fd.fc28 95 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc4b7af297 xerces-c27-2.7.0-28.fc28 52 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aadd3c2790 mupdf-1.14.0-6.fc28 47 https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28 47 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa3752ac3c nginx-1.14.1-1.fc28 37 https://bodhi.fedoraproject.org/updates/FEDORA-2018-70fe6a4d75 nagios-4.4.2-3.fc28 33 https://bodhi.fedoraproject.org/updates/FEDORA-2018-dbcb80405c nbdkit-1.4.4-1.fc28 26 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc86ef9e22 squid-4.4-1.fc28 23 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2abadd4469 haproxy-1.8.15-1.fc28 23 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b18f9dd65b tomcat-8.5.35-1.fc28 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e4732930df beep-1.3-26.fc28 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-36320c03cd electron-cash-3.3.4-1.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2019-4dc2ccb142 electrum-3.2.4-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-944ff52ce6 php-horde-Horde-Image-2.5.4-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-24dc022a51 gnutls-3.6.5-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-d1b5cf0055 wget-1.20.1-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-8deebad756 perl-Email-Address-1.912-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-c424e3bb72 golang-1.10.7-1.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-8f8cadd5ff thunderbird-60.4.0-1.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-348547a32d chromium-71.0.3578.98-1.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-01afc2352f mingw-nettle-3.4.1-1.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-541a12b809 python3-3.6.8-1.fc28 python3-docs-3.6.8-1.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ac7e19b0c8 krb5-1.16.1-24.fc28
The following Fedora 28 Critical Path updates have yet to be approved: Age URL 47 https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28 40 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3222e7c914 radvd-2.17-11.fc28 37 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c86898e4a7 gdb-8.1.1-4.fc28 35 https://bodhi.fedoraproject.org/updates/FEDORA-2018-12c54ca4bf gjs-1.52.5-1.fc28 26 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9f541b469b nfs-utils-2.3.3-1.rc2.fc28 25 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9963fc558e efivar-37-1.fc28 22 https://bodhi.fedoraproject.org/updates/FEDORA-2018-816dbc3486 osinfo-db-20181214-1.fc28 17 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4dddcb3e5e highlight-3.48-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-24dc022a51 gnutls-3.6.5-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-6ae95964c0 rsync-3.1.3-4.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-4a2458eb49 hwdata-0.319-1.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-541a12b809 python3-3.6.8-1.fc28 python3-docs-3.6.8-1.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-8f8cadd5ff thunderbird-60.4.0-1.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-af22d27d88 libical-3.0.4-1.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ac7e19b0c8 krb5-1.16.1-24.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-729922a177 analitza-18.04.3-3.fc28 appmenu-qt5-0.3.0+16.10.20160628.1-11.fc28 calibre-3.34.0-2.fc28 dnscrypt-proxy-gui-1.21.16-2.fc28 fcitx-qt5-1.2.3-4.fc28 gammaray-2.9.0-5.fc28 gsettings-qt-0-0.11.20170715bzr83.fc28.3 hedgewars-0.9.24.1-4.fc28 kf5-akonadi-server-18.08.3-2.fc28 kf5-frameworkintegration-5.53.0-3.fc28 kf5-kdeclarative-5.53.0-3.fc28 kf5-kwayland-5.53.0-3.fc28 kf5-kxmlgui-5.53.0-3.fc28 kwin-5.13.5-2.fc28 libfm-qt-0.11.2-13.fc28 libqtxdg-2.0.0-14.fc28 lxqt-qtplugin-0.11.1-13.fc28 mscore-2.2.1-6.fc28 plasma-integration-5.13.5-2.fc28 pyotherside-1.5.3-14.fc28 python-qt5-5.10.1-5.fc28 pythonqt-3.2-11.fc28 qgnomeplatform-0.5-6.fc28 qstardict-1.3-5.fc28 qt-creator-4.6.2-3.fc28 qt5-5.11.3-1.fc28 qt5-qt3d-5.11.3-1.fc28 qt5-qtbase-5.11.3-1.fc28 qt5-qtcanvas3d-5.11.3-1.fc28 qt5-qtcharts-5.11.3-1.fc28 qt5-qtconnectivity-5.11.3-1.fc28 qt5-qtdatavis3d-5.11.3-1.fc28 qt5-qtdeclarative-5.11.3-1.fc28 qt5-qtdoc-5.11.3-1.fc28 qt5 -qtenginio-1.6.2-20.fc28 qt5-qtgamepad-5.11.3-1.fc28 qt5-qtgraphicaleffects-5.11.3-1.fc28 qt5-qtimageformats-5.11.3-1.fc28 qt5-qtlocation-5.11.3-1.fc28 qt5-qtmultimedia-5.11.3-1.fc28 qt5-qtquickcontrols-5.11.3-1.fc28 qt5-qtquickcontrols2-5.11.3-1.fc28 qt5-qtremoteobjects-5.11.3-1.fc28 qt5-qtscript-5.11.3-1.fc28 qt5-qtscxml-5.11.3-1.fc28 qt5-qtsensors-5.11.3-1.fc28 qt5-qtserialbus-5.11.3-1.fc28 qt5-qtserialport-5.11.3-1.fc28 qt5-qtspeech-5.11.3-1.fc28 qt5-qtstyleplugins-5.0.0-29.fc28 qt5-qtsvg-5.11.3-1.fc28 qt5-qttools-5.11.3-1.fc28 qt5-qttranslations-5.11.3-1.fc28 qt5-qtvirtualkeyboard-5.11.3-1.fc28 qt5-qtwayland-5.11.3-1.fc28 qt5-qtwebchannel-5.11.3-1.fc28 qt5-qtwebengine-5.11.3-2.fc28 qt5-qtwebkit-5.212.0-0.31.alpha2.fc28 qt5-qtwebsockets-5.11.3-1.fc28 qt5-qtwebview-5.11.3-1.fc28 qt5-qtx11extras-5.11.3-1.fc28 qt5-qtxmlpatterns-5.11.3-1.fc28 qt5ct-0.35-3.fc28 qtcurve-1.9.1-2.fc28 skrooge-2.14.0-3.fc28 texmaker-5.0.2-7.fc28 ugene-1.31.0-4.fc28 xdg-desktop-portal-kde-5.13.5-3.fc28 ya rock-1.3.1-3.fc28
The following builds have been pushed to Fedora 28 updates-testing
cacti-1.2.0-2.fc28 cacti-spine-1.2.0-2.fc28 copyq-3.7.2-1.fc28 fotoxx-19.0-1.fc28 incron-0.5.12-9.fc28 json-3.5.0-1.fc28 libmateweather-1.20.2-1.fc28 libreport-2.9.5-3.fc28 libsodium-1.0.17-1.fc28 libwebsockets-3.0.1-2.fc28 mingw-uriparser-0.9.1-1.fc28 mosquitto-1.5.5-2.fc28 phan-1.2.0-1.fc28 php-cs-fixer-2.14.0-1.fc28 php-horde-Horde-Form-2.0.19-1.fc28 php-horde-imp-6.2.23-1.fc28 php-horde-kronolith-4.2.26-1.fc28 php-symfony3-3.4.21-1.fc28 printrun-2.0.0-0.8.rc5.fc28 purple-facebook-0.9.5-13.9ff9acf9fa14.fc28 python-django-2.0.10-1.fc28 python-moksha-hub-1.5.14-1.fc28 python-tvb-gdist-1.5.6-3.fc28 syncthing-1.0.0-1.fc28 tor-0.3.4.10-1.fc28 uriparser-0.9.1-1.fc28 wireshark-2.6.5-2.fc28
Details about builds:
================================================================================ cacti-1.2.0-2.fc28 (FEDORA-2019-fd19dc0edb) An rrd based graphing tool -------------------------------------------------------------------------------- Update Information:
- Update to 1.2.0 Release notes: https://www.cacti.net/release_notes.php?version=1.2.0 -------------------------------------------------------------------------------- ChangeLog:
* Sun Jan 6 2019 Morten Stevens mstevens@fedoraproject.org - 1.2.0-2 - Spec file improvements - Updated PHP libs/extensions * Thu Jan 3 2019 Morten Stevens mstevens@fedoraproject.org - 1.2.0-1 - Update to 1.2.0 - Provide nginx support -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1581555 - 1.1.38 - ERROR PHP WARNING: sizeof(): Parameter must be an array or an object that implements Countable in file: /usr/share/cacti/lib/utility.php https://bugzilla.redhat.com/show_bug.cgi?id=1581555 --------------------------------------------------------------------------------
================================================================================ cacti-spine-1.2.0-2.fc28 (FEDORA-2019-fd19dc0edb) Threaded poller for Cacti written in C -------------------------------------------------------------------------------- Update Information:
- Update to 1.2.0 Release notes: https://www.cacti.net/release_notes.php?version=1.2.0 -------------------------------------------------------------------------------- ChangeLog:
* Sun Jan 6 2019 Morten Stevens mstevens@fedoraproject.org - 1.2.0-2 - Use spine.conf as default * Thu Jan 3 2019 Morten Stevens mstevens@fedoraproject.org - 1.2.0-1 - Update to 1.2.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1581555 - 1.1.38 - ERROR PHP WARNING: sizeof(): Parameter must be an array or an object that implements Countable in file: /usr/share/cacti/lib/utility.php https://bugzilla.redhat.com/show_bug.cgi?id=1581555 --------------------------------------------------------------------------------
================================================================================ copyq-3.7.2-1.fc28 (FEDORA-2019-5da221b6ee) Advanced clipboard manager -------------------------------------------------------------------------------- Update Information:
Upstream release rhbz#1662682 -------------------------------------------------------------------------------- ChangeLog:
* Mon Dec 31 2018 Gerald Cox gbcox@fedoraproject.org - 3.7.2-1 - Upstream release rhbz#1662682 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1662682 - CopyQ - Upstream release v3.7.2 https://bugzilla.redhat.com/show_bug.cgi?id=1662682 --------------------------------------------------------------------------------
================================================================================ fotoxx-19.0-1.fc28 (FEDORA-2019-69d1ad90ba) Photo editor -------------------------------------------------------------------------------- Update Information:
19.0 -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 7 2019 Gwyn Ciesla limburgher@gmail.com - 19.0-1 - 19.0 --------------------------------------------------------------------------------
================================================================================ incron-0.5.12-9.fc28 (FEDORA-2019-75bfa8d4a2) Inotify cron system -------------------------------------------------------------------------------- Update Information:
Add fix the zombie / defunct processes. -------------------------------------------------------------------------------- ChangeLog:
* Sat Jan 5 2019 Kevin Fenzi kevin@scrye.com - 0.5.12-9 - Add patch to prevent zombies from upstream post release commits. Fixes bug #1656939 * Tue Jul 17 2018 Kevin Fenzi kevin@scrye.com - 0.5.12-8 - Fix FTBFS by adding BuildRequires: gcc-c++ * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 0.5.12-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1656939 - Incron causes defunct processes https://bugzilla.redhat.com/show_bug.cgi?id=1656939 --------------------------------------------------------------------------------
================================================================================ json-3.5.0-1.fc28 (FEDORA-2019-a475b8b890) JSON for Modern C++ -------------------------------------------------------------------------------- Update Information:
New Features ====================== * Structured bindings are now supported for JSON objects and arrays via the items() member function, so finally this code is possible: ```c++ for (auto& [key, val] : j.items()) { std::cout << key << ':' << val << '\n'; } ``` * Added support for reading from FILE* to support situations in which streams are nit available or would require too much RAM. #1370 #1392 Bug Fixes =================== * The eofbit was not set for input streams when the end of a stream was reached while parsing. #1340 #1343 * Fixed a bug in the SAX parser for BSON arrays. Improvements ====================== * Added support for Clang 5.0.1 (PS4 version). #1341 #1342 Further Changes ========================== * Added a warning for implicit conversions to the documentation: It is not recommended to use implicit conversions when reading from a JSON value. Details about this recommendation can be found here. #1363 * Fixed typos in the documentation. #1329 #1380 #1382 * Fixed a C4800 warning. #1364 * Fixed a -Wshadow warning #1346 * Wrapped std::snprintf calls to avoid error in MSVC. #1337 * Added code to allow installation via Meson. #1345 Deprecated functions =========================== This release does not deprecate any functions. As an overview, the following functions have been deprecated in earlier versions and will be removed in the next major version (i.e., 4.0.0): * Function iterator_wrapper are deprecated. Please use the member function items() instead. * Functions `friend std::istream& operator<<(basic_json&, std::istream&)` and `friend std::ostream& operator>>(const basic_json&, std::ostream&)` are deprecated. Please use friend `std::istream& operator>>(std::istream&, basic_json&)` and `friend operator<<(std::ostream&, const basic_json&)` instead. -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 7 2019 Vitaly Zaitsev vitaly@easycoding.org - 3.5.0-1 - Updated to version 3.5.0. --------------------------------------------------------------------------------
================================================================================ libmateweather-1.20.2-1.fc28 (FEDORA-2019-348975e99f) Libraries to allow MATE Desktop to display weather information -------------------------------------------------------------------------------- Update Information:
- update to 1.20.2 - re-work build requires -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 7 2019 Wolfgang Ulbrich fedora@raveit.de - 1.20.2-1 - update to 1.20.2 release - update build requires --------------------------------------------------------------------------------
================================================================================ libreport-2.9.5-3.fc28 (FEDORA-2019-7b2fd2d414) Generic library for reporting various problems -------------------------------------------------------------------------------- Update Information:
- Use new `minor_update` flag to update Bugzillas to limit number of e-mail notifications. -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 7 2019 Martin Kutlak mkutlak@redhat.com 2.9.5-3 - Add BuildRequires for git to apply the patches * Mon Jan 7 2019 Martin Kutlak mkutlak@redhat.com 2.9.5-2 - lib: Seek beginning of mountinfo file - rhbz: Replace nomail flag with minor_update --------------------------------------------------------------------------------
================================================================================ libsodium-1.0.17-1.fc28 (FEDORA-2019-88e3a605f7) The Sodium crypto library -------------------------------------------------------------------------------- Update Information:
** Version 1.0.17** - Bug fix: `sodium_pad()` didn't properly support block sizes >= 256 bytes. - JS/WebAssembly: some old iOS versions can't instantiate the WebAssembly module; fall back to Javascript on these. - JS/WebAssembly: compatibility with newer Emscripten versions. - Bug fix: `crypto_pwhash_scryptsalsa208sha256_str_verify()` and `crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()` didn't return `EINVAL` on input strings with a short length, unlike their high-level counterpart. - Added a workaround for Visual Studio 2010 bug causing CPU features not to be detected. - Portability improvements. - Test vectors from Project Wycheproof have been added. - New low-level APIs for arithmetic mod the order of the prime order group: `crypto_core_ed25519_scalar_random()`, `crypto_core_ed25519_scalar_reduce()`, `crypto_core_ed25519_scalar_invert()`, `crypto_core_ed25519_scalar_negate()`, `crypto_core_ed25519_scalar_complement()`, `crypto_core_ed25519_scalar_add()` and `crypto_core_ed25519_scalar_sub()`. - New low-level APIs for scalar multiplication without clamping: `crypto_scalarmult_ed25519_base_noclamp()` and `crypto_scalarmult_ed25519_noclamp()`. These new APIs are especially useful for blinding. - `sodium_sub()` has been implemented. - Support for WatchOS has been added. - getrandom(2) is now used on FreeBSD 12+. - The `nonnull` attribute has been added to all relevant prototypes. - More reliable AVX512 detection. - Javascript/Webassembly builds now use dynamic memory growth. -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 7 2019 Remi Collet remi@remirepo.net - 1.0.17-1 - update to 1.0.17 --------------------------------------------------------------------------------
================================================================================ libwebsockets-3.0.1-2.fc28 (FEDORA-2019-e57a344074) A lightweight C library for Websockets -------------------------------------------------------------------------------- Update Information:
Rebuild for libwebsockets 3.x ---- Update to latest upstream release 3.0.1 (rhbz#1604687) -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 7 2019 Peter Robinson pbrobinson@fedoraproject.org 3.0.1-2 - Add libuv-devel Requires to devel package * Tue Dec 18 2018 Fabian Affolter mail@fabian-affolter.ch - 3.0.1-1 - Update to latest upstream release 3.0.1 (rhbz#1604687) * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 3.0.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Mon May 7 2018 Fabian Affolter mail@fabian-affolter.ch - 3.0.0-1 - Update to latest upstream release 3.0.0 (rhbz#1575605) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1604687 - libwebsockets: FTBFS in Fedora rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1604687 --------------------------------------------------------------------------------
================================================================================ mingw-uriparser-0.9.1-1.fc28 (FEDORA-2019-776855b285) MinGW Windows uriparser library -------------------------------------------------------------------------------- Update Information:
Update to uriparser-0.9.1, see https://raw.githubusercontent.com/uriparser/uriparser/uriparser-0.9.1/Change... for details. -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 7 2019 Sandro Mani manisandro@gmail.com - 0.9.1-1 - Update to 0.9.1 --------------------------------------------------------------------------------
================================================================================ mosquitto-1.5.5-2.fc28 (FEDORA-2019-e57a344074) An Open Source MQTT v3.1/v3.1.1 Broker -------------------------------------------------------------------------------- Update Information:
Rebuild for libwebsockets 3.x ---- Update to latest upstream release 3.0.1 (rhbz#1604687) -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 7 2019 Peter Robinson pbrobinson@fedoraproject.org 1.5.5-2 - Rebuild for libwebsockets 3.x -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1604687 - libwebsockets: FTBFS in Fedora rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1604687 --------------------------------------------------------------------------------
================================================================================ phan-1.2.0-1.fc28 (FEDORA-2019-d6ff22e1c7) A static analyzer for PHP -------------------------------------------------------------------------------- Update Information:
05 Jan 2019, **Phan 1.2.0** **New features(Analysis):** + Infer match keys of `$matches` for a wider range of regexes (e.g. non-capturing groups, named subgroups) (#2294) + Improve detection of invalid arguments in code implicitly calling `__invoke`. + Support extracting template types from more forms of `callable` types. (#2264) + Support `@phan-assert`, `@phan-assert-true- condition`, and `@phan-assert-false-condition`. Examples of side effects when this annotation is used on a function/method declaration: - `@phan-assert int $x` will assert that the argument to the parameter `$x` is of type `int`. - `@phan-assert !false $x` will assert that the argument to the parameter `$x` is not false. - `@phan-assert !\Traversable $x` will assert that the argument to the parameter `$x` is not `Traversable` (or a subclass) - `@phan-assert-true- condition $x` will make Phan infer that the argument to parameter `$x` is truthy if the function returned successfully. - `@phan-assert-false-condition $x` will make Phan infer that the argument to parameter `$x` is falsey if the function returned successfully. - This can be used in combination with Phan's template support. See [tests/plugin_test/src/072_custom_assertions.php](tests /plugin_test/src/072_custom_assertions.php) for example uses of these annotations. + Suggest typo fixes when emitting `PhanUnusedVariable`, if only one definition was seen. (#2281) + Infer that `new $x` is of the template type `T` if `$x` is `class-string<T>` (#2257) **Plugins:** - Add `PHPUnitAssertionPlugin`. This plugin will make Phan infer side effects from some of the uses of the helper methods PHPUnit provides within test cases. - Infer that a condition is truthy from `assertTrue()` and `assertNotFalse()` (e.g. `assertTrue($x instanceof MyClass)`) - Infer that a condition is null/not null from `assertNull()` and `assertNotNull()` - Infer class type of `$actual` from `assertInstanceOf(MyClass::class, $actual)` - Infer that `$actual` has the exact type of `$expected` after calling `assertSame($expected, $actual)` - Other methods aren't supported yet. **Bug fixes:** - Infer that some internal classes' properties (such as `\Exception->message`) are protected (#2283) - Fix a crash running Phan without php-ast when no files were parsed (#2287) ---- 30 Dec 2018, **Phan 1.1.10** **New features(Analysis):** + Add suggestions if to `PhanUndeclaredConstant` issue messages about undeclared global constants, if possible. (#2240) Suggestions include other global constants, variables, class constants, properties, and function names. + Warn about `continue` and `break` with no matching loop/switch scope. (#1869) New issue types: `PhanContinueOrBreakTooManyLevels`, `PhanContinueOrBreakNotInLoop` + Warn about `continue` statements targeting `switch` control structures (doing the same thing as a `break`) (#1869) New issue types: `PhanContinueTargetingSwitch` + Support inferring template types from array keys. int/string/mixed can be inferred from `array<TKey,\someType>` when `@template TKey` is in the class/function-like scope. + Phan can now infer template types from even more categories of parameter types in constructors and regular functions/methods. (#522) - infer `T` from `Closure(T):\OtherClass` and `callable(T):\OtherClass` - infer `T` from `array{keyName:T}` - infer `TKey` from `array<TKey,\OtherClass>` (as int, string, or mixed) **Bug fixes:** + Refactor the way `@template` annotations are parsed on classes and function- likes to avoid various edge cases (#2253) + Fix a bug causing Phan to fail to analyze closures/uses of closures when used inline (e.g. in function calls) -------------------------------------------------------------------------------- ChangeLog:
* Sun Jan 6 2019 Remi Collet remi@remirepo.net - 1.2.0-1 - update to 1.2.0 * Mon Dec 31 2018 Remi Collet remi@remirepo.net - 1.1.10-1 - update to 1.1.10 --------------------------------------------------------------------------------
================================================================================ php-cs-fixer-2.14.0-1.fc28 (FEDORA-2019-8d2d3a7bd3) A tool to automatically fix PHP code style -------------------------------------------------------------------------------- Update Information:
Changelog for v2.14.0 --------------------- * bug #4220 NativeFunctionInvocationFixer - namespaced strict to remove backslash (kubawerlos) * feature #3881 Add PhpdocVarAnnotationCorrectOrderFixer (kubawerlos) * feature #3915 Add HeredocIndentationFixer (gharlan) * feature #4002 NoSuperfluousPhpdocTagsFixer - Allow `mixed` in superfluous PHPDoc by configuration (MortalFlesh) * feature #4030 Add get_required_files and user_error aliases (ntzm) * feature #4043 NativeFunctionInvocationFixer - add option to remove redundant backslashes (kubawerlos) * feature #4102 Add NoUnsetCastFixer (SpacePossum) * minor #4025 Add phpdoc_types_order rule to Symfony's ruleset (carusogabriel) * minor #4213 [7.3] PHP7.3 integration tests (SpacePossum) * minor #4233 Add official support for PHP 7.3 (keradus) ---- Changelog for v2.13.3 --------------------- * bug #4216 Psr4Fixer - fix for multiple classy elements in file (keradus, kubawerlos) * bug #4217 Psr0Fixer - class with anonymous class (kubawerlos) * bug #4219 NativeFunctionCasingFixer - handle T_RETURN_REF (kubawerlos) * bug #4224 FunctionToConstantFixer - handle T_RETURN_REF (SpacePossum) * bug #4229 IsNullFixer - fix parenthesis not closed (guilliamxavier) * minor #4193 [7.3] CombineNestedDirnameFixer - support PHP 7.3 (kubawerlos) * minor #4198 [7.3] PowToExponentiationFixer - adding to PHP7.3 integration test (kubawerlos) * minor #4199 [7.3] MethodChainingIndentationFixer - add tests for PHP 7.3 (kubawerlos) * minor #4200 [7.3] ModernizeTypesCastingFixer - support PHP 7.3 (kubawerlos) * minor #4201 [7.3] MultilineWhitespaceBeforeSemicolonsFixer - add tests for PHP 7.3 (kubawerlos) * minor #4202 [7.3] ErrorSuppressionFixer - support PHP 7.3 (kubawerlos) * minor #4205 DX: PhpdocAlignFixer - refactor to use DocBlock (kubawerlos) * minor #4206 DX: enable multiline_whitespace_before_semicolons (keradus) * minor #4207 [7.3] RandomApiMigrationFixerTest - tests for 7.3 (SpacePossum) * minor #4208 [7.3] NativeFunctionCasingFixerTest - tests for 7.3 (SpacePossum) * minor #4209 [7.3] PhpUnitStrictFixerTest - tests for 7.3 (SpacePossum) * minor #4210 [7.3] PhpUnitConstructFixer - add test for PHP 7.3 (kubawerlos) * minor #4211 [7.3] PhpUnitDedicateAssertFixer - support PHP 7.3 (kubawerlos) * minor #4214 [7.3] NoUnsetOnPropertyFixerTest - tests for 7.3 (SpacePossum) * minor #4222 [7.3] PhpUnitExpectationFixer - support PHP 7.3 (kubawerlos) * minor #4223 [7.3] PhpUnitMockFixer - add tests for PHP 7.3 (kubawerlos) * minor #4230 [7.3] IsNullFixer - fix trailing comma (guilliamxavier) * minor #4232 DX: remove Utils::splitLines (kubawerlos) * minor #4234 [7.3] Test that "LITERAL instanceof X" is valid (guilliamxavier) ---- Changelog for v2.13.2 --------------------- * bug #3968 SelfAccessorFixer - support FQCN (kubawerlos) * bug #3974 Psr4Fixer - class with anonymous class (kubawerlos) * bug #3987 Run HeaderCommentFixer after NoBlankLinesAfterPhpdocFixer (StanAngeloff) * bug #4009 TypeAlternationTransformer - Fix pipes in function call with constants being classified incorrectly (ntzm, SpacePossum) * bug #4022 NoUnsetOnPropertyFixer - refactor and bugfixes (kubawerlos) * bug #4036 ExplicitStringVariableFixer - fixes for backticks and for 2 variables next to each other (kubawerlos, Slamdunk) * bug #4038 CommentToPhpdocFixer - handling nested PHPDoc (kubawerlos) * bug #4064 Ignore invalid mode strings, add option to remove the "b" flag. (SpacePossum) * bug #4071 DX: do not insert Token when calling removeLeadingWhitespace/removeTrailingWhitespace from Tokens (kubawerlos) * bug #4073 IsNullFixer - fix function detection (kubawerlos) * bug #4074 FileFilterIterator - do not filter out files that need fixing (SpacePossum) * bug #4076 EregToPregFixer - fix function detection (kubawerlos) * bug #4084 MethodChainingIndentation - fix priority with Braces (dmvdbrugge) * bug #4099 HeaderCommentFixer - throw exception on invalid header configuration (SpacePossum) * bug #4100 PhpdocAddMissingParamAnnotationFixer - Handle variable number of arguments and pass by reference cases (SpacePossum) * bug #4101 ReturnAssignmentFixer - do not touch invalid code (SpacePossum) * bug #4104 Change transformers order, fixing untransformed T_USE (dmvdbrugge) * bug #4107 Preg::split - fix for non-UTF8 subject (ostrolucky, kubawerlos) * bug #4109 NoBlankLines*: fix removing lines consisting only of spaces (kubawerlos, keradus) * bug #4114 VisibilityRequiredFixer - don't remove comments (kubawerlos) * bug #4116 OrderedImportsFixer - fix sorting without any grouping (SpacePossum) * bug #4119 PhpUnitNoExpectationAnnotationFixer - fix extracting content from annotation (kubawerlos) * bug #4127 LowercaseConstantsFixer - Fix case with properties using constants as their name (srathbone) * bug #4134 [7.3] SquareBraceTransformer - nested array destructuring not handled correctly (SpacePossum) * bug #4153 PhpUnitFqcnAnnotationFixer - handle only PhpUnit classes (kubawerlos) * bug #4169 DirConstantFixer - Fixes for PHP7.3 syntax (SpacePossum) * bug #4181 MultilineCommentOpeningClosingFixer - fix handling empty comment (kubawerlos) * bug #4186 Tokens - fix removal of leading/trailing whitespace with empty token in collection (kubawerlos) * minor #3436 Add a handful of integration tests (BackEndTea) * minor #3774 PhpUnitTestClassRequiresCoversFixer - Remove unneeded loop and use phpunit indicator class (BackEndTea, SpacePossum) * minor #3778 DX: Throw an exception if FileReader::read fails (ntzm) * minor #3916 New ruleset "@PhpCsFixer" (gharlan) * minor #4007 Fixes cookbook for fixers (greeflas) * minor #4031 Correct FixerOptionBuilder::getOption return type (ntzm) * minor #4046 Token - Added fast isset() path to token->equals() (staabm) * minor #4047 Token - inline $other->getPrototype() to speedup equals() (staabm, keradus) * minor #4048 Tokens - inlined extractTokenKind() call on the hot path (staabm) * minor #4069 DX: Add dev-tools directory to gitattributes as export-ignore (alexmanno) * minor #4070 Docs: Add link to a VS Code extension in readme (jakebathman) * minor #4077 DX: cleanup - NoAliasFunctionsFixer - use FunctionsAnalyzer (kubawerlos) * minor #4088 Add Travis test with strict types (kubawerlos) * minor #4091 Adjust misleading sentence in CONTRIBUTING.md (ostrolucky) * minor #4092 UseTransformer - simplify/optimize (SpacePossum) * minor #4095 DX: Use ::class (keradus) * minor #4096 DX: fixing typo (kubawerlos) * minor #4097 DX: namespace casing (kubawerlos) * minor #4110 Enhancement: Update localheinz/composer-normalize (localheinz) * minor #4115 Changes for upcoming Travis' infra migration (sergeyklay) * minor #4122 DX: AppVeyor - Update Composer download link (SpacePossum) * minor #4128 DX: cleanup - AbstractFunctionReferenceFixer - use FunctionsAnalyzer (SpacePossum, kubawerlos) * minor #4129 Fix: Symfony 4.2 deprecations (kubawerlos) * minor #4139 DX: Fix CircleCI (kubawerlos) * minor #4142 [7.3] NoAliasFunctionsFixer - mbregex_encoding' => 'mb_regex_encoding (SpacePossum) * minor #4143 PhpUnitTestCaseStaticMethodCallsFixer - Add PHPUnit 7.5 new assertions (Slamdunk) * minor #4149 [7.3] ArgumentsAnalyzer - PHP7.3 support (SpacePossum) * minor #4161 DX: CI - show packages installed via Composer (keradus) * minor #4162 DX: Drop symfony/lts (keradus) * minor #4166 DX: do not use AbstractFunctionReferenceFixer when no need to (kubawerlos) * minor #4168 DX: FopenFlagsFixer - remove useless proxy method (SpacePossum) * minor #4171 Fix CircleCI cache (kubawerlos) * minor #4173 [7.3] PowToExponentiationFixer - add support for PHP7.3 (SpacePossum) * minor #4175 Fixing typo (kubawerlos) * minor #4177 CI: Check that tag is matching version of PHP CS Fixer during deployment (keradus) * minor #4180 Fixing typo (kubawerlos) * minor #4182 DX: update php- cs-fixer file style (kubawerlos) * minor #4185 [7.3] ImplodeCallFixer - add tests for PHP7.3 (kubawerlos) * minor #4187 [7.3] IsNullFixer - support PHP 7.3 (kubawerlos) * minor #4188 DX: cleanup (keradus) * minor #4189 Travis - add PHP 7.3 job (keradus) * minor #4190 Travis CI - fix config (kubawerlos) * minor #4192 [7.3] MagicMethodCasingFixer - add tests for PHP 7.3 (kubawerlos) * minor #4194 [7.3] NativeFunctionInvocationFixer - add tests for PHP 7.3 (kubawerlos) * minor #4195 [7.3] SetTypeToCastFixer - support PHP 7.3 (kubawerlos) * minor #4196 Update website (keradus) * minor #4197 [7.3] StrictParamFixer - support PHP 7.3 (kubawerlos) -------------------------------------------------------------------------------- ChangeLog:
* Sat Jan 5 2019 Remi Collet remi@remirepo.net - 2.14.0-1 - update to 2.14.0 * Wed Jan 2 2019 Remi Collet remi@remirepo.net - 2.13.2-1 - update to 2.13.2 --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Form-2.0.19-1.fc28 (FEDORA-2019-fb2ce5f6d9) Horde Form API -------------------------------------------------------------------------------- Update Information:
**Horde_Form 2.0.19** * [mjr] SECURITY: Prevent RCE vulnerability due to potential directory traversal in Image uploads (An independent security researcher has reported this vulnerability to SecuriTeam Secure Disclosure program). -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 7 2019 Remi Collet remi@remirepo.net - 2.0.19-1 - update to 2.0.19 - use range dependencies --------------------------------------------------------------------------------
================================================================================ php-horde-imp-6.2.23-1.fc28 (FEDORA-2019-1320dc1797) A web based webmail system -------------------------------------------------------------------------------- Update Information:
**imp 6.2.23** * [mjr] Fix attachment handling in minimal mode (PR #3, Thorsten Kahler). * [mjr] Fix regular expression error with PHP 7.3. * [mjr] Fix fatal error when requested attachment not found in minimal mode. -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 7 2019 Remi Collet remi@remirepo.net - 6.2.23-1 - update to 6.2.23 - use range dependencies --------------------------------------------------------------------------------
================================================================================ php-horde-kronolith-4.2.26-1.fc28 (FEDORA-2019-779f2893e7) A web based calendar -------------------------------------------------------------------------------- Update Information:
**kronolith 4.2.26** * [mjr] Remove hard coded end date for calendar feed and allow it to be specified in url. -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 7 2019 Remi Collet remi@remirepo.net - 4.2.26-1 - update to 4.2.26 - use range dependencies --------------------------------------------------------------------------------
================================================================================ php-symfony3-3.4.21-1.fc28 (FEDORA-2019-16f5236a9c) Symfony PHP framework (version 3) -------------------------------------------------------------------------------- Update Information:
**Version 3.4.21** (2019-01-06) * bug #29494 [HttpFoundation] Fix request uri when it starts with double slashes (alquerci) * bug #29679 [HttpKernel] Correctly Render Signed URIs Containing Fragments (zanbaldwin) * bug #29754 Ensure final input of CommandTester works with default (Firehed) * bug #29695 [Form] Do not ignore the choice groups for caching (vudaltsov) * bug #29738 [Intl] handle null date and time types (xabbuh) * bug #29704 [FrameworkBundle] improve errors in tests missing the BrowserKit component (xabbuh) * bug #29617 [Console] Add specific replacement for help text in single command applications (codedmonkey) * bug #29714 [Event Dispatcher] fixed 29703: TraceableEventDispatcher reset() callStack to null (mlievertz) * bug #29597 [DI] fix reporting bindings on overriden services as unused (nicolas-grekas) * bug #29639 [Yaml] detect circular references (xabbuh) * bug #29411 [EventDispatcher] Revers event tracing order (ro0NL) * bug #29533 Fixed public directory when configured in composer.json (alexander-schranz) * bug #29619 [Console] OutputFormatter: move strtolower to createStyleFromString (ogizanagi) * bug #29621 [Security] Prefer clone() over unserialize(serialize()) for user refreshment (chalasr) * bug #29587 [Debug] ignore underscore vs backslash namespaces in DebugClassLoader (nicolas-grekas) * bug #29584 [FrameworkBundle] fix describing routes with no controllers (nicolas-grekas) * bug #29582 [DI] move RegisterServiceSubscribersPass before DecoratorServicePass (kbond) * bug #29527 [TwigBridge][Form] Prevent multiple rendering of form collection prototypes (Shoplifter) * bug #29571 [Yaml] ensures that the mb_internal_encoding is reset to its initial value (J��rn Lang) * bug #29513 [Hackday][Serializer] Deserialization ignores argument type hint from phpdoc for array in constructor argument (karser) * bug #29323 [Security] defer log message in guard authenticator (eschultz-magix) * bug #29531 [Validator] Added IBAN format for Vatican City State (raulfraile) * bug #29307 [Form] Filter arrays out of scalar form types (nicolas-grekas) * bug #29500 [Form] filter out invalid Intl values (xabbuh) * bug #29499 [Validator] Fixed grouped composite constraints (HeahDude) -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 7 2019 Remi Collet remi@remirepo.net - 3.4.21-1 - update to 3.4.21 --------------------------------------------------------------------------------
================================================================================ printrun-2.0.0-0.8.rc5.fc28 (FEDORA-2019-5f47a5fd28) RepRap printer interface and tools -------------------------------------------------------------------------------- Update Information:
Fix handling filename command line argument -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 7 2019 Miro Hron��ok mhroncok@redhat.com - Fix Python 3 compatibility when handling filename command line argument (#1654399) * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 1:2.0.0-0.7.rc5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Tue Jun 19 2018 Miro Hron��ok mhroncok@redhat.com - 1:2.0.0-0.6.rc5 - Rebuilt for Python 3.7 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1654399 - [abrt] pronterface: process_cmdline_arguments(): pronsole.py:746:process_cmdline_arguments:AttributeError: 'str' object has no attribute 'decode' https://bugzilla.redhat.com/show_bug.cgi?id=1654399 --------------------------------------------------------------------------------
================================================================================ purple-facebook-0.9.5-13.9ff9acf9fa14.fc28 (FEDORA-2019-713edad58a) Facebook protocol plugin for purple2 -------------------------------------------------------------------------------- Update Information:
- Add patch from upstream fixing 'Failed to get sync_sequence_id' - Add patch to check and link zlib -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 7 2019 Bj��rn Esser besser82@fedoraproject.org - 0.9.5-13.9ff9acf9fa14 - Add patch to check and link zlib * Mon Jan 7 2019 Bj��rn Esser besser82@fedoraproject.org - 0.9.5-12.9ff9acf9fa14 - Add patch from upstream fixing 'Failed to get sync_sequence_id' (#1663599) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1663599 - Stop working with the error: Failed to get sync_sequence_id https://bugzilla.redhat.com/show_bug.cgi?id=1663599 --------------------------------------------------------------------------------
================================================================================ python-django-2.0.10-1.fc28 (FEDORA-2019-e6ca5847c7) A high-level Python Web framework -------------------------------------------------------------------------------- Update Information:
fix CVE-2019-3498 python-django: Content spoofing via URL path in -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 7 2019 Matthias Runge mrunge@redhat.com - 2.0.10-1 - fix CVE-2019-3498 python-django: Content spoofing via URL path in default 404 page (rhbz#1663723) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1663723 - CVE-2019-3498 python-django: Content spoofing via URL path in default 404 page [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1663723 --------------------------------------------------------------------------------
================================================================================ python-moksha-hub-1.5.14-1.fc28 (FEDORA-2019-1d86eca7f8) Hub components for Moksha -------------------------------------------------------------------------------- Update Information:
Add support for stomp over TLS with SNI https://github.com/mokshaproject/moksha/pull/66 -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 7 2019 Ralph Bean rbean@redhat.com - 1.5.14-1 - new version * Mon Sep 24 2018 Ralph Bean rbean@redhat.com - 1.5.13-2.0.1cb025525 - Apply experimental upstream patch for stomp heartbeat handling https://github.com/mokshaproject/moksha/pull/65 --------------------------------------------------------------------------------
================================================================================ python-tvb-gdist-1.5.6-3.fc28 (FEDORA-2019-a387a35b7c) Cython interface to geodesic -------------------------------------------------------------------------------- Update Information:
New package! https://github.com/the-virtual-brain/tvb-geodesic -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1662544 - Review Request: python-tvb-gdist - Cython interface to geodesic https://bugzilla.redhat.com/show_bug.cgi?id=1662544 --------------------------------------------------------------------------------
================================================================================ syncthing-1.0.0-1.fc28 (FEDORA-2019-ef3fc57be3) Continuous File Synchronization -------------------------------------------------------------------------------- Update Information:
Update to version 1.0.0. It was originally planned to release this version as 0.14.55, but the upstream project decided to finally let this release reflect the "stable" status of the project - after about five years of development. Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.0.0 -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 7 2019 Fabio Valentini decathorpe@gmail.com - 1.0.0-1 - Update to version 1.0.0. --------------------------------------------------------------------------------
================================================================================ tor-0.3.4.10-1.fc28 (FEDORA-2019-cb776a25ba) Anonymizing overlay network for TCP -------------------------------------------------------------------------------- Update Information:
update to latest upstream release -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 7 2019 Marcel H��rry mh+fedora@scrit.ch - 0.3.4.10-1 - update to latest upstream release --------------------------------------------------------------------------------
================================================================================ uriparser-0.9.1-1.fc28 (FEDORA-2019-776855b285) URI parsing library - RFC 3986 -------------------------------------------------------------------------------- Update Information:
Update to uriparser-0.9.1, see https://raw.githubusercontent.com/uriparser/uriparser/uriparser-0.9.1/Change... for details. -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 7 2019 Sandro Mani manisandro@gmail.com - 0.9.1-1 - Update to 0.9.1 --------------------------------------------------------------------------------
================================================================================ wireshark-2.6.5-2.fc28 (FEDORA-2019-c19c0dcfa9) Network traffic analyzer -------------------------------------------------------------------------------- Update Information:
Enabling HTTP2 support -------------------------------------------------------------------------------- ChangeLog:
* Thu Jan 3 2019 Michal Ruprich mruprich@redhat.com - 1:2.6.5-2 - Adding libnghttp2-devel as BuildRequires - needed for HTTP2 support(rhbz#1512722) - Adding jack-audio-connection-kit as a BuildRequire for portaudio -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1512722 - RFE: enable HTTP/2 support in Wireshark >= 2.4 https://bugzilla.redhat.com/show_bug.cgi?id=1512722 --------------------------------------------------------------------------------