The following Fedora 28 Security updates need testing:
Age URL
19
https://bodhi.fedoraproject.org/updates/FEDORA-2018-99eed1942f remctl-3.14-1.fc28
15
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb
jgraphx-3.6.0.0-6.fc28
10
https://bodhi.fedoraproject.org/updates/FEDORA-2018-9a85d5af21
scummvm-tools-2.0.0-1.fc28 scummvm-2.0.0-1.fc28
7
https://bodhi.fedoraproject.org/updates/FEDORA-2018-00e90783d2
community-mysql-5.7.22-1.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-389bc4e911
knot-resolver-2.3.0-1.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-3564527be4
haproxy-1.8.8-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-2c965abb15
dpdk-17.11.2-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-e048a4ef13
glusterfs-4.0.2-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-ee6707d519 php-7.2.5-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-43c64deada
drupal7-7.59-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-dbebca30d0 xen-4.10.0-9.fc28
The following Fedora 28 Critical Path updates have yet to be approved:
Age URL
7
https://bodhi.fedoraproject.org/updates/FEDORA-2018-fd7715891e
perl-Carp-1.42-396.fc28
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-11158ccb70
libappstream-glib-0.7.8-1.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-0b2f8b762b git-2.17.0-3.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-dbebca30d0 xen-4.10.0-9.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-c36685eaaf
libreport-2.9.5-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-34a22a587d
libepoxy-1.5.1-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b4c97671e8
poppler-data-0.4.9-1.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-e048a4ef13
glusterfs-4.0.2-1.fc28
0
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b67990d1d1
libldm-0.2.4-1.fc28
The following builds have been pushed to Fedora 28 updates-testing
copr-backend-1.115-1.fc28
copr-frontend-1.130-1.fc28
copr-rpmbuild-0.18-1.fc28
grass-7.4.0-2.fc28
libwebp-1.0.0-1.fc28
mame-0.197-1.fc28
mingw-libwebp-1.0.0-1.fc28
openvpn-2.4.6-1.fc28
pass-otp-1.1.0-2.fc28
pdc-updater-0.9.1-1.fc28
php-zendframework-zend-cache-2.8.1-2.fc28
php-zendframework-zend-file-2.8.0-2.fc28
php-zendframework-zend-i18n-2.8.0-2.fc28
php-zendframework-zend-navigation-2.9.0-2.fc28
pixman-0.34.0-7.fc28
python-neomodel-3.2.7-1.fc28
samba-4.8.1-0.fc28
Details about builds:
================================================================================
copr-backend-1.115-1.fc28 (FEDORA-2018-70111b5eb8)
Backend for Copr
--------------------------------------------------------------------------------
Update Information:
- rpkg deployment into COPR - containers + releng continuation - fix pagure bugs
#269, #273, #221 and #268 - cleanup in test_helpers, one test added - change
order of args in StrictRedis call - add comment about expected usage of the
copr_log_hitcounter script - try to send hit data to frontend several times from
copr_log_hitcounter
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 26 2018 Dominik Turecek <dturecek(a)redhat.com> 1.115-1
- rpkg deployment into COPR - containers + releng continuation
- fix pagure bugs #269, #273, #221 and #268
- cleanup in test_helpers, one test added
- change order of args in StrictRedis call
- add comment about expected usage of the copr_log_hitcounter script
- try to send hit data to frontend several times from
copr_log_hitcounter
--------------------------------------------------------------------------------
================================================================================
copr-frontend-1.130-1.fc28 (FEDORA-2018-a0cc75a520)
Frontend for Copr
--------------------------------------------------------------------------------
Update Information:
- add pending tasks to graphs - rpkg deployment into COPR - containers + releng
continuation - fix flash messages not disappearing after page reload - change
flash messages for deleted/cancelled builds - remove dangling symlinks after
00b6073 - unbundle static files - some javascript assets are not placed under
component folder - remove redundatant stuff in complex tests - remove unneeded
basenames - fix #269, #273, #221 and #268 - fix #275 web-ui: last build name
shows "None" - api /build_status/ to not require login - add status_icon for
build_id - change login welcome message to success message - redirect to builds
table after rebuild - custom method: move the script filter into form - fix
graphics issues after adding xstatic-patternfly-common - give project names more
space
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 26 2018 Dominik Turecek <dturecek(a)redhat.com> 1.130-1
- add pending tasks to graphs
- rpkg deployment into COPR - containers + releng continuation
- fix flash messages not disappearing after page reload
- change flash messages for deleted/cancelled builds
- remove dangling symlinks after 00b6073
- unbundle static files
- some javascript assets are not placed under component folder
- remove redundatant stuff in complex tests
- remove unneeded basenames
- fix #269, #273, #221 and #268
- fix #275 web-ui: last build name shows "None"
- api /build_status/ to not require login
- add status_icon for build_id
- change login welcome message to success message
- redirect to builds table after rebuild
- custom method: move the script filter into form
- fix graphics issues after adding xstatic-patternfly-common
- give project names more space
--------------------------------------------------------------------------------
================================================================================
copr-rpmbuild-0.18-1.fc28 (FEDORA-2018-c68d819ed8)
Run COPR build tasks
--------------------------------------------------------------------------------
Update Information:
- rpkg deployment into COPR - containers + releng continuation
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 26 2018 Dominik Turecek <dturecek(a)redhat.com> 0.18-1
- rpkg deployment into COPR - containers + releng continuation
- updates for latest upstream rpkg
- update rpkg.conf.j2 to the latest rpkg version
- s|/bin/env|/usr/bin/env| in shebang
--------------------------------------------------------------------------------
================================================================================
grass-7.4.0-2.fc28 (FEDORA-2018-146acddf9e)
GRASS GIS - Geographic Resources Analysis Support System
--------------------------------------------------------------------------------
Update Information:
add /etc/ld.so.conf.d/grass-*.conf to find libs by Daniele Vigan��
<daniele(a)vigano.me> (RHBZ #1571441)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 25 2018 Markus Neteler <neteler(a)mundialis.de> - 7.4.0-2
- add /etc/ld.so.conf.d/grass-*.conf to find libs by Daniele Vigan��
<daniele(a)vigano.me> (RHBZ #1571441)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1571441 - GRASS libs are not found by dynamic linker
https://bugzilla.redhat.com/show_bug.cgi?id=1571441
--------------------------------------------------------------------------------
================================================================================
libwebp-1.0.0-1.fc28 (FEDORA-2018-c9cf63cea3)
Library and tools for the WebP graphics format
--------------------------------------------------------------------------------
Update Information:
Update to libwebp-1.0.0, see
https://raw.githubusercontent.com/webmproject/libwebp/1.0.0/NEWS for details.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 26 2018 Sandro Mani <manisandro(a)gmail.com> - 1.0.0-1
- Update to 1.0.0
--------------------------------------------------------------------------------
================================================================================
mame-0.197-1.fc28 (FEDORA-2018-070d2a2b40)
Multiple Arcade Machine Emulator
--------------------------------------------------------------------------------
Update Information:
An update to the latest mame release: *
http://mamedev.org/?p=456
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 25 2018 Julian Sikorski <belegdol(a)fedoraproject.org> - 0.197-1
- Updated to 0.197
- Dropped upstreamed pugixml patch
--------------------------------------------------------------------------------
================================================================================
mingw-libwebp-1.0.0-1.fc28 (FEDORA-2018-c9cf63cea3)
MinGW compilation of Library and tools for the WebP format
--------------------------------------------------------------------------------
Update Information:
Update to libwebp-1.0.0, see
https://raw.githubusercontent.com/webmproject/libwebp/1.0.0/NEWS for details.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 26 2018 Sandro Mani <manisandro(a)gmail.com> - 1.0.0-1
- Update to 1.0.0
* Thu Feb 8 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.6.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
openvpn-2.4.6-1.fc28 (FEDORA-2018-5dd75e28b3)
A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:
Updating to latest upstream [OpenVPN
2.4.6](https://github.com/OpenVPN/openvpn/blob/v2.4.6/Changes.rst#version....
The security fixes in this release is only related to Windows.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 26 2018 David Sommerseth <dazo(a)eurephia.org> - 2.4.6-1
- Updating to upstream, openvpn-2.4.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1572009 - openvpn-2.4.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1572009
--------------------------------------------------------------------------------
================================================================================
pass-otp-1.1.0-2.fc28 (FEDORA-2018-1d308fc5f6)
A pass extension for managing one-time-password (OTP) tokens
--------------------------------------------------------------------------------
Update Information:
New package pass-otp
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1572070 - Review Request: pass-otp - A pass extension for managing
one-time-password (OTP) tokens
https://bugzilla.redhat.com/show_bug.cgi?id=1572070
--------------------------------------------------------------------------------
================================================================================
pdc-updater-0.9.1-1.fc28 (FEDORA-2018-4fe75f8a62)
Update the product definition center in response to fedmsg
--------------------------------------------------------------------------------
Update Information:
https://github.com/fedora-infra/pdc-updater/pull/85 ---- Use more informative
koji tag name for module builds.
https://github.com/fedora-infra/pdc-
updater/pull/84
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 26 2018 Ralph Bean <rbean(a)redhat.com> - 0.9.1-1
- new version
* Mon Apr 23 2018 Ralph Bean <rbean(a)redhat.com> - 0.9.0-1
- new version
* Fri Mar 16 2018 Ralph Bean <rbean(a)redhat.com> - 0.8.4-2
- Straighten out deps for epel7.
* Fri Mar 16 2018 Ralph Bean <rbean(a)redhat.com> - 0.8.4-1
- new version
* Mon Mar 12 2018 Iryna Shcherbina <ishcherb(a)redhat.com> - 0.8.1-2
- Update Python 2 dependency declarations to new packaging standards
(See
https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1572347 - pdc-updater-0.9.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1572347
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-cache-2.8.1-2.fc28 (FEDORA-2018-0bb4d7282c)
Zend Framework Cache component
--------------------------------------------------------------------------------
Update Information:
**Version 2.8.1** - 2018-04-26 * **Fixed** -
[#165](https://github.com/zendframework/zend-cache/issues/165) fixes an issue
with the memcached adapter ensuring that retrieval returns boolean false when
unable to retrieve the requested item. ---- **Version 2.8.0** - 2018-04-24 *
**Added** - [#148](https://github.com/zendframework/zend-cache/pull/148)
adds support for PHP 7.1 and 7.2. - [#46](https://github.com/zendframework
/zend-cache/issues/46), [#155](https://github.com/zendframework/zend-
cache/issues/155), and [#161](https://github.com/zendframework/zend-
cache/issues/161) add support for [
PSR-6](https://www.php-fig.org/psr/psr-6/)
(Caching Interface). They provides an implementation of
`Psr\Cache\CacheItemPoolInterface` via
`Zend\Cache\Psr\CacheItemPool\CacheItemPoolDecorator`, which accepts a
`Zend\Cache\Storage\StorageInterface` instance to its constructor, and proxies
the various PSR-6 methods to it. It also provides a
`Psr\Cache\CacheItemInterface` implementation via
`Zend\Cache\Psr\CacheItemPool\CacheItem`, which provides a value object for
both introspecting cache fetch results, as well as providing values to cache.
- [#152](https://github.com/zendframework/zend-cache/pull/152),
[#155](https://github.com/zendframework/zend-cache/pull/155),
[#159](https://github.com/zendframework/zend-cache/pull/159), and
[#161](https://github.com/zendframework/zend-cache/issues/161) add an adapter
providing [
PSR-16](https://www.php-fig.org/psr/psr-16/) (Caching Library
Interface) support. The new class,
`Zend\Cache\Psr\SimpleCache\SimpleCacheDecorator`, accepts a
`Zend\Cache\Storage\StorageInterface` instance to its constructor, and proxies
the various PSR-16 methods to it. - [#154](https://github.com/zendframework
/zend-cache/pull/154) adds an ext-mongodb adapter,
`Zend\Cache\Storage\Adapter\ExtMongoDb`. You may use the `StorageFactory` to
create an instance using either the fully qualified class name as the adapter
name, or the strings `ext_mongo_db` or `ExtMongoDB` (or most variations on
case of the latter string). The options it accepts are the same as for the
existing `Zend\Cache\Storage\Adapter\MongoDb`, and it provides the same
capabilities. The adapter requires the mongodb/mongodb package to operate.
- [#120](https://github.com/zendframework/zend-cache/pull/120) adds the ability
to configure alternate file suffixes for both cache and tag cache files within
the Filesystem adapter. Use the `suffix` and `tag_suffix` options to set them;
they will default to `dat` and `tag`, respectively. -
[#79](https://github.com/zendframework/zend-cache/issues/79) Add capability
for the "lock-on-expire" feature (��sed by Zend Data Cache) * **Changed**
-
[#116](https://github.com/zendframework/zend-cache/pull/116) adds docblock
method chaining consistency. * **Removed** -
[#101](https://github.com/zendframework/zend-cache/pull/101) removes support for
PHP 5.5. - [#148](https://github.com/zendframework/zend-cache/pull/148)
removes support for HHVM. * **Fixed** -
[#151](https://github.com/zendframework/zend-cache/pull/151) adds logic to
normalize options before creating the underlying Redis resource when using a
Redis adapter, fixing issues when using an array with the server and port to
use for connecting to the server. - [#151](https://github.com/zendframework
/zend-cache/pull/151) adds logic to prevent changing the underlying resource
within Redis adapter instances. - [#150](https://github.com/zendframework
/zend-cache/pull/150) fixes an issue with how CAS tokens are handled when using
the memcached adapter. - [#61](https://github.com/zendframework/zend-
cache/pull/61) sets the Zend Data Cache minTtl value to 1. -
[#147](https://github.com/zendframework/zend-cache/pull/147) fixes the Redis
extension by ensuring it casts the results of `exists()` to a boolean when
testing if the storage contains an item. -
[#146](https://github.com/zendframework/zend-cache/pull/146) fixes several
methods to change `@return` annotations to `@throws` where applicable. -
[#134](https://github.com/zendframework/zend-cache/pull/134) adds a missing
import statement for `Traversable` within the `AdapterOptions` class. -
[#128](https://github.com/zendframework/zend-cache/pull/128) Fixed incorrect
variable usage in MongoDbResourceManager
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 26 2018 Remi Collet <remi(a)remirepo.net> - 2.8.1-2
- update to 2.8.1
* Thu Apr 26 2018 Remi Collet <remi(a)remirepo.net> - 2.8.0-4
- add optional dependency on mongodb/mongodb
* Thu Apr 26 2018 Remi Collet <remi(a)remirepo.net> - 2.8.0-2
- update to 2.8.0
- raise dependency on PHP 5.6
- add dependency on psr/cache
- add dependency on psr/simple-cache
- raise dependency on zend-eventmanager 3.2
- raise dependency on zend-servicemanager 3.3
- raise dependency on zend-stdlib 3.1
- use range dependencies (F27+)
- switch to phpunit6 or phpunit7
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-file-2.8.0-2.fc28 (FEDORA-2018-22cf68d126)
Zend Framework File component
--------------------------------------------------------------------------------
Update Information:
**Version 2.8.0** - 2018-04-25 * **Added** -
[#43](https://github.com/zendframework/zend-file/pull/43) adds support for PHP
7.1 and 7.2. * **Removed** - [#43](https://github.com/zendframework/zend-
file/pull/43) removes support for PHP 5.5. -
[#43](https://github.com/zendframework/zend-file/pull/43) removes support for
HHVM. * **Fixed** - [#41](https://github.com/zendframework/zend-
file/pull/41) fixes an issue in PHP 7.1 and up with false-positive detection of
classes, interfaces, and traits when class methods are named after these
keywords.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 26 2018 Remi Collet <remi(a)remirepo.net> - 2.8.0-2
- update to 2.8.0
- raise dependency on PHP 5.6
- raise dependency on zend-stdlib 2.7.7
- switch to phpunit6 or phpunit7
- use range dependencies on F27+
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-i18n-2.8.0-2.fc28 (FEDORA-2018-1cf399d9ff)
Zend Framework I18n component
--------------------------------------------------------------------------------
Update Information:
**Version 2.8.0** - 2018-04-25 * **Added** -
[#71](https://github.com/zendframework/zend-i18n/pull/71) adds a new option to
the `IsInt` validator, `strict`. When set to boolean true, comparisons will use
strict type validations. The default, `false`, retains the current behavior of
non-strict comparisons. The class also exposes a `setStrict($flag)` method for
enabling/disabling the behavior. - [#78](https://github.com/zendframework
/zend-i18n/pull/78) and [#91](https://github.com/zendframework/zend-
i18n/pull/91) add support for PHP 7.2. * **Changed** -
[#81](https://github.com/zendframework/zend-i18n/pull/81) updates the list of
allowed mobile prefixes for Chinese phones to match current changes to their
systems. - [#80](https://github.com/zendframework/zend-i18n/pull/80) updates
the PostCode validator to allow prefixing Latvian postal codes using the string
`LV-`, which is now mandatory within Latvia. For BC purposes, the prefix is
considered optional. * **Removed** -
[#78](https://github.com/zendframework/zend-i18n/pull/78) removes support for
HHVM. * **Fixed** - [#75](https://github.com/zendframework/zend-
i18n/pull/75) fixes an issue with formatting currency values where the currency
indicator is at the end of the value.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 26 2018 Remi Collet <remi(a)remirepo.net> - 2.8.0-2
- update to 2.8.0
- switch to phpunit7
- use range dependencies
--------------------------------------------------------------------------------
================================================================================
php-zendframework-zend-navigation-2.9.0-2.fc28 (FEDORA-2018-9b506921ac)
Zend Framework Navigation component
--------------------------------------------------------------------------------
Update Information:
**Version 2.9.0** - 2018-04-25 * **Added** -
[#67](https://github.com/zendframework/zend-navigation/pull/67) adds support for
PHP 7.2. * **Removed** - [#67](https://github.com/zendframework/zend-
navigation/pull/67) removes support for HHVM. -
[#59](https://github.com/zendframework/zend-navigation/pull/59) removes support
for PHP 5.5.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 26 2018 Remi Collet <remi(a)remirepo.net> - 2.9.0-2
- update to 2.9.0
- raise dependency to PHP 5.6
- switch to phpunit6 or phpunit7
- use range dependencies on F27+
--------------------------------------------------------------------------------
================================================================================
pixman-0.34.0-7.fc28 (FEDORA-2018-fc3904edc1)
Pixel manipulation library
--------------------------------------------------------------------------------
Update Information:
Disable vmx fast paths for ppc64/le, as they're broken with gcc8
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 26 2018 Adam Jackson <ajax(a)redhat.com> - 0.34.0-7
- Enable %check
- --disable-vmx to fix %check failures with gcc8
- Remove stray --disable-ssse3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1546693 - fuzzy "welcome to Fedora Rawhide" panel (language choose)
at install
https://bugzilla.redhat.com/show_bug.cgi?id=1546693
--------------------------------------------------------------------------------
================================================================================
python-neomodel-3.2.7-1.fc28 (FEDORA-2018-5cc2bd270b)
A Python OGM for Neo4j
--------------------------------------------------------------------------------
Update Information:
Updated to 3.2.7
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
samba-4.8.1-0.fc28 (FEDORA-2018-a101fbc1c7)
Server and Client software to interoperate with Windows machines
--------------------------------------------------------------------------------
Update Information:
Update to Samba 4.8.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 26 2018 Guenther Deschner <gdeschner(a)redhat.com> - 4.8.1-0
- Update to Samba 4.8.1
* Wed Mar 14 2018 Guenther Deschner <gdeschner(a)redhat.com> - 4.8.0-7
- resolves: #1554754, #1554756 - Security fixes for CVE-2018-1050 CVE-2018-1057
- resolves: #1555112 - Update to Samba 4.8.0
* Tue Mar 13 2018 Andreas Schneider <asn(a)redhat.com> - 4.8.0rc4-6
- resolves: #1552652 - Fix usage of nc in ctdb tests and only recommned it
--------------------------------------------------------------------------------