The following Fedora 29 Security updates need testing: Age URL 57 https://bodhi.fedoraproject.org/updates/FEDORA-2018-51ce232320 xerces-c27-2.7.0-28.fc29 30 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4381dd7d0b drupal8-8.6.2-1.fc29 30 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d3f4eb1f9f drupal7-7.60-2.fc29 30 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7adf863a47 php-Smarty2-2.6.31-2.fc29 17 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6aada550ca bird-1.6.4-2.fc29 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-87f2ace20d qemu-3.0.0-2.fc29 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4003413459 mingw-uriparser-0.9.0-1.fc29 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c5c72a45ea uriparser-0.9.0-1.fc29 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3fbc181b3e keepalived-2.0.10-1.fc29 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-22c609e92a cobbler-2.8.4-5.fc29 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e423e8743f samba-4.9.3-0.fc29 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-937e8a39c4 python36-3.6.7-1.fc29 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e14840a7f5 pdns-recursor-4.1.8-1.fc29
The following Fedora 29 Critical Path updates have yet to be approved: Age URL 18 https://bodhi.fedoraproject.org/updates/FEDORA-2018-fff9c76313 xfce-polkit-0.3-1.fc29 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-004d2f4e6f xfconf-4.13.6-2.fc29 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-87f2ace20d qemu-3.0.0-2.fc29 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-17cbc3c616 dnf-4.0.9-1.fc29 dnf-plugins-core-4.0.2-1.fc29 dnf-plugins-extras-4.0.0-1.fc29 libdnf-0.22.3-1.fc29 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6682778e13 pungi-4.1.31-1.fc29 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e423e8743f samba-4.9.3-0.fc29 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c3dd0383fa PackageKit-1.1.12-1.fc29 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b1deef70ad lorax-29.21-1.fc29
The following builds have been pushed to Fedora 29 updates-testing
ansible-2.7.3-1.fc29 apache-sshd-2.1.0-1.fc29 appcenter-3.0.1-2.fc29 buku-4.0-2.fc29 clementine-1.3.1-32.20181130gitd260c8b.fc29 dar-2.6.0.RC10-1.fc29 ed25519-java-0.3.0-1.fc29 filezilla-3.39.0-1.fc29 flatpak-1.0.6-3.fc29 freerdp-2.0.0-47.rc4.fc29 gdb-8.2-5.fc29 glibc-2.28-23.fc29 golang-gopkg-resty-1-1.10.2-1.fc29 grive2-0.5.0-18.20180820gitcf51167.fc29 groonga-8.0.9-1.fc29 hadoop-2.7.7-1.fc29 java-1.8.0-openjdk-1.8.0.191.b12-11.fc29 kobo-0.8.0-1.fc29 libfilezilla-0.15.1-1.fc29 libsolv-0.7.1-2.fc29 mysql-connector-odbc-8.0.13-1.fc29 nagios-4.4.2-3.fc29 net-snmp-5.8-3.fc29 nettle-3.4.1rc1-1.fc29 perl-5.28.1-425.fc29 perl-BSON-1.10.1-1.fc29 perl-CPAN-Perl-Releases-3.84-1.fc29 perl-Redis-1.991-8.fc29 perl-threads-shared-1.59-1.fc29 phan-1.1.5-1.fc29 pipenv-2018.11.26-1.fc29 python-magic-wormhole-0.11.2-1.fc29 python-pip-18.1-1.fc29 python-shellingham-1.2.7-1.fc29 pyxdg-0.26-3.fc29 regindexer-0.4-1.fc29 rubygem-jekyll-toc-0.9.1-1.fc29 strawberry-0.4.2-1.fc29 switchboard-2.3.5-1.fc29 unixODBC-2.3.7-2.fc29 vinagre-3.22.0-12.fc29 zsh-5.6.2-3.fc29
Details about builds:
================================================================================ ansible-2.7.3-1.fc29 (FEDORA-2018-f7f865dfb0) SSH-based configuration management, deployment, and task execution system -------------------------------------------------------------------------------- Update Information:
Update to 2.7.3 bugfix release. See https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7... for more details. -------------------------------------------------------------------------------- ChangeLog:
* Thu Nov 29 2018 Kevin Fenzi kevin@scrye.com - 2.7.3-1 - Update to 2.7.3 --------------------------------------------------------------------------------
================================================================================ apache-sshd-2.1.0-1.fc29 (FEDORA-2018-03d2962e75) Apache SSHD -------------------------------------------------------------------------------- Update Information:
Update to latest version of Apache SSHD, see the upstream release notes: https://mina.apache.org/sshd-project/download_2.1.0.html -------------------------------------------------------------------------------- ChangeLog:
* Thu Nov 29 2018 Mat Booth mat.booth@redhat.com - 2.1.0-1 - Update to latest upstream release - Patch out the dependency on tomcat-libs -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1448498 - apache-sshd-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448498 --------------------------------------------------------------------------------
================================================================================ appcenter-3.0.1-2.fc29 (FEDORA-2018-cb1e561d82) Software Center from elementary -------------------------------------------------------------------------------- Update Information:
Drop elementaryOS blacklist in favor of the version shipped with appcenter. -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Fabio Valentini decathorpe@gmail.com - 3.0.1-2 - Drop elementaryOS blacklist in favor of the version shipped with appcenter. --------------------------------------------------------------------------------
================================================================================ buku-4.0-2.fc29 (FEDORA-2018-5f10814f68) Powerful command-line bookmark manager -------------------------------------------------------------------------------- Update Information:
Add missing Requires -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Robert-Andr�� Mauchin zebob.m@gmail.com - 4.0-2 - Add missing Requires -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1655021 - [abrt] buku: module(): buku:21:<module>:ModuleNotFoundError: No module named 'bs4' https://bugzilla.redhat.com/show_bug.cgi?id=1655021 --------------------------------------------------------------------------------
================================================================================ clementine-1.3.1-32.20181130gitd260c8b.fc29 (FEDORA-2018-2a984a3489) A music player and library organizer -------------------------------------------------------------------------------- Update Information:
Bump to qt5 branch. commit d260c8b6d8c876280f8ac883870916bdf4b64df5 -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Robert-Andr�� Mauchin zebob.m@gmail.com - 1.3.1-32.20181130gitd260c8b - Bump to qt5 branch. commit d260c8b6d8c876280f8ac883870916bdf4b64df5 --------------------------------------------------------------------------------
================================================================================ dar-2.6.0.RC10-1.fc29 (FEDORA-2018-3920f35f33) Software for making/restoring incremental CD/DVD backups -------------------------------------------------------------------------------- Update Information:
upstream updated -------------------------------------------------------------------------------- ChangeLog:
* Thu Nov 29 2018 Luis Segundo blackfile@fedoraproject.org - 2.6.0.RC10-1 - New upstream version * Tue Oct 16 2018 Luis Bazan lbazan@fedoraproject.org - 2.5.17-1 - New upstream version * Sat Jul 21 2018 Luis Bazan lbazan@fedoraproject.org - 2.5.16-2 - Fix BZ #1603740 add gcc-c++ * Sat Jul 21 2018 Luis Bazan lbazan@fedoraproject.org - 2.5.16-1 - New Upstream version * Thu Jul 12 2018 Fedora Release Engineering releng@fedoraproject.org - 2.5.15-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1614312 - FEATURE: Compile with --enable-mode=64 https://bugzilla.redhat.com/show_bug.cgi?id=1614312 [ 2 ] Bug #1603188 - dar-2.5.17 is available https://bugzilla.redhat.com/show_bug.cgi?id=1603188 [ 3 ] Bug #1603740 - dar: FTBFS in Fedora rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1603740 --------------------------------------------------------------------------------
================================================================================ ed25519-java-0.3.0-1.fc29 (FEDORA-2018-03d2962e75) Implementation of EdDSA (Ed25519) in Java -------------------------------------------------------------------------------- Update Information:
Update to latest version of Apache SSHD, see the upstream release notes: https://mina.apache.org/sshd-project/download_2.1.0.html -------------------------------------------------------------------------------- ChangeLog:
* Thu Nov 29 2018 Mat Booth mat.booth@redhat.com - 0.3.0-1 - Update to latest upstream release -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1448498 - apache-sshd-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448498 --------------------------------------------------------------------------------
================================================================================ filezilla-3.39.0-1.fc29 (FEDORA-2018-eccd436460) FTP, FTPS and SFTP client -------------------------------------------------------------------------------- Update Information:
Latest filezilla -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Gwyn Ciesla limburgher@gmail.com - 3.39.0-1 - 3.39.0 final. * Mon Nov 26 2018 Gwyn Ciesla limburgher@gmail.com - 3.39.0-0.rc1 - 3.39.0-rc1 --------------------------------------------------------------------------------
================================================================================ flatpak-1.0.6-3.fc29 (FEDORA-2018-c5b26a3ee2) Application deployment framework for desktop apps -------------------------------------------------------------------------------- Update Information:
This update fixes problems with OCI remotes installed system wide. It is needed to access Flatpaks on registry.fedoraproject.org. -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 fedora-toolbox otaylor@redhat.com - 1.0.6-3 - Add a patch to fix OCI system remotes - Add patch fixing permissions on icons downloaded from an OCI registry --------------------------------------------------------------------------------
================================================================================ freerdp-2.0.0-47.rc4.fc29 (FEDORA-2018-3b16389936) Free implementation of the Remote Desktop Protocol (RDP) -------------------------------------------------------------------------------- Update Information:
FreeRDP update to the latest release candidate and fix of RDP support in Vinagre. -------------------------------------------------------------------------------- ChangeLog:
* Thu Nov 29 2018 Ondrej Holy oholy@redhat.com - 2:2.0.0-47.rc4 - Update to 2.0.0-rc4 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1636560 - Black screen when using RDP in Remote Desktop viewer https://bugzilla.redhat.com/show_bug.cgi?id=1636560 --------------------------------------------------------------------------------
================================================================================ gdb-8.2-5.fc29 (FEDORA-2018-1497d92365) A stub package for GNU source-level debugger -------------------------------------------------------------------------------- Update Information:
Fix 'py-bt is broken, results in exception' (RHBZ 1639242). -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Sergio Durigan Junior sergiodj@redhat.com - 8.2-5.fc29 - Fix 'py-bt is broken, results in exception' (RHBZ 1639242). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1639242 - py-bt is broken, results in exception https://bugzilla.redhat.com/show_bug.cgi?id=1639242 --------------------------------------------------------------------------------
================================================================================ glibc-2.28-23.fc29 (FEDORA-2018-c69aee3e63) The GNU libc libraries -------------------------------------------------------------------------------- Update Information:
This update to the `glibc` package adds a new security hardening feature. * malloc: tcache double free check (RHBZ#1647395) -------------------------------------------------------------------------------- ChangeLog:
* Thu Nov 29 2018 DJ Delorie dj@redhat.com - 2.28-23 - Auto-sync with upstream branch release/2.28/master, commit b8dd0f42780a3133c02f064a2c0c5c4e7ab61aaa. - malloc: tcache double free check (#1647395) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1647395 - glibc: the execution continued with double free in the program https://bugzilla.redhat.com/show_bug.cgi?id=1647395 --------------------------------------------------------------------------------
================================================================================ golang-gopkg-resty-1-1.10.2-1.fc29 (FEDORA-2018-22c8bc06a4) Simple HTTP and REST client library for Go -------------------------------------------------------------------------------- Update Information:
- Initial package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1654040 - Review Request: golang-gopkg-resty-1 - Simple HTTP and REST client library for Go https://bugzilla.redhat.com/show_bug.cgi?id=1654040 --------------------------------------------------------------------------------
================================================================================ grive2-0.5.0-18.20180820gitcf51167.fc29 (FEDORA-2018-9c9446a9e0) Google Drive client -------------------------------------------------------------------------------- Update Information:
Update to most recent git head to merge in bugfixes -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Zamir SUN sztsian@gmail.com - 0.5.0-18.20180820gitcf51167 - Update to most recent git head to merge in bugfixes -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1615018 - grive2: Update to include recent upstream bugfixes https://bugzilla.redhat.com/show_bug.cgi?id=1615018 --------------------------------------------------------------------------------
================================================================================ groonga-8.0.9-1.fc29 (FEDORA-2018-f1aeffd462) An Embeddable Fulltext Search Engine -------------------------------------------------------------------------------- Update Information:
new upstream release -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Kentaro Hayashi hayashi@clear-code.com 8.0.9-1 - new upstream release - fix E: specfile-error warning: Macro expanded in comment --------------------------------------------------------------------------------
================================================================================ hadoop-2.7.7-1.fc29 (FEDORA-2018-beec9e3fda) A software platform for processing vast amounts of data -------------------------------------------------------------------------------- Update Information:
Bug fix and upgrade to version 2.7.7 -------------------------------------------------------------------------------- ChangeLog:
* Thu Nov 29 2018 Mike Miller mmiller@apache.org - 2.7.7-1 - Upgrade to 2.7.7. Remove patch no longer needed for CVE-2018-8009 * Wed Nov 28 2018 Mike Miller mmiller@apache.org - 2.7.6-6 - Fix NoClassDefFoundError with cglib in Yarn and make top level hadoop package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1654240 - CVE-2018-11766 hadoop: Privilege escalation to root (Incomplete fix for CVE-2016-6811) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1654240 [ 2 ] Bug #1554525 - When starting Resource Manager - java.lang.NoClassDefFoundError: net/sf/cglib/core/CodeGenerationException https://bugzilla.redhat.com/show_bug.cgi?id=1554525 --------------------------------------------------------------------------------
================================================================================ java-1.8.0-openjdk-1.8.0.191.b12-11.fc29 (FEDORA-2018-437c926bfc) OpenJDK Runtime Environment 8 -------------------------------------------------------------------------------- Update Information:
Some minor updates + TLSv1.2 support via the PKCS11 provider. -------------------------------------------------------------------------------- ChangeLog:
* Thu Nov 22 2018 Andrew John Hughes gnu.andrew@redhat.com - 1:1.8.0.191.b12-11 - Add backport of JDK-8029661 which adds TLSv1.2 support to the PKCS11 provider. * Tue Nov 13 2018 Andrew Hughes gnu.andrew@redhat.com - 1:1.8.0.191.b12-10 - Revise Shenandoah PR3634 patch following upstream discussion. * Wed Nov 7 2018 Jiri Vanek jvanek@redhat.com - 1:1.8.0.191.b12-9 - headfull suggests of cups, replaced by Requires of cups-libs in headless * Wed Nov 7 2018 Andrew Hughes gnu.andrew@redhat.com - 1:1.8.0.191.b12-9 - Note why PR1834/RH1022017 is not suitable to go upstream in its current form. * Mon Nov 5 2018 Andrew Hughes gnu.andrew@redhat.com - 1:1.8.0.191.b12-9 - Document patch sections. * Mon Nov 5 2018 Andrew Hughes gnu.andrew@redhat.com - 1:1.8.0.191.b12-9 - Fix patch organisation in the spec file: - * Move ECC patches back to upstreamable section - * Move system cacerts & crypto policy patches to upstreamable section - * Merge "Local fixes" and "RPM fixes" which amount to the same thing - * Move system libpng & lcms patches back to 8u upstreamable section --------------------------------------------------------------------------------
================================================================================ kobo-0.8.0-1.fc29 (FEDORA-2018-4418fc329b) Python modules for tools development -------------------------------------------------------------------------------- Update Information:
New upstream release 0.8.0. ### FEATURES & IMPROVEMENTS - Improved Python 3 compatibility - Improved Django 2.0 compatibility - Improved tests coverage - Header produced by kobo.shortcuts.run(show_cmd=True) is now limited to 79 characters length ### BUG FIXES - Fixed handling of string SERVER_PORT in wsgi requests - Fixed Worker.timeout_task wrongly setting subtasks to INTERRUPTED ([#72](https://github.com/release-engineering/kobo/issues/72)) - Fixed Worker.set_task_weight always crashing ([#75](https://github.com/release- engineering/kobo/issues/75)) - Fixed missing dependency on python-six https://bugzilla.redhat.com/show_bug.cgi?id=1654946 -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Rohan McGovern rmcgover@redhat.com - 0.8.0-1 - New upstream release 0.8.0 * Fri Nov 30 2018 Rohan McGovern rmcgover@redhat.com - 0.7.0-10 - Add missing dependencies on python-six (RHBZ#1654946) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1654946 - kobo packages are missing dependency on six https://bugzilla.redhat.com/show_bug.cgi?id=1654946 --------------------------------------------------------------------------------
================================================================================ libfilezilla-0.15.1-1.fc29 (FEDORA-2018-eccd436460) C++ Library for FileZilla -------------------------------------------------------------------------------- Update Information:
Latest filezilla -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 26 2018 Gwyn Ciesla limburgher@gmail.com - 0.15.1-1 - 0.15.1 --------------------------------------------------------------------------------
================================================================================ libsolv-0.7.1-2.fc29 (FEDORA-2018-092ca34d90) Package dependency solver -------------------------------------------------------------------------------- Update Information:
Backport fixes for autouninstall -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org - 0.7.1-2 - Backport fixes for autouninstall -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1446068 - "dnf update --allowerasing" just removes packages instead of update https://bugzilla.redhat.com/show_bug.cgi?id=1446068 --------------------------------------------------------------------------------
================================================================================ mysql-connector-odbc-8.0.13-1.fc29 (FEDORA-2018-aac3769cee) ODBC driver for MySQL -------------------------------------------------------------------------------- Update Information:
**MySQL connector ODBC 8.0.13** A fresh new rebase straight to a version fully compatible with MySQL 8 Release notes: https://dev.mysql.com/doc/relnotes/connector-odbc/en/news-5-3.html https://dev.mysql.com/doc/relnotes/connector-odbc/en/news-8-0.html Bugs fixed: After a long time it builds well against the 'community-mysql' package Maintainer notes: New configuration reflecting MySQL 8 added to 'unixODBC' package and made default Thanks to Lars Tangvald from Oracle for the patch that made it possible Test with: https://bodhi.fedoraproject.org/updates/FEDORA-2018-e8115812ed -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Lars Tangvald lars.tangvald@oracle.com - 8.0.13-1 - Rebase to 8.0.13 Resolves: #1569767 Resolves: #1604908 - Rediff 64bit patch - Remove obsolete patches - Add cmake patch - Disable building with GUI * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 5.3.10-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Thu Feb 8 2018 Fedora Release Engineering releng@fedoraproject.org - 5.3.10-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1604908 - mysql-connector-odbc: FTBFS in Fedora rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1604908 [ 2 ] Bug #1569767 - mysql-connector-odbc-8.0.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=1569767 --------------------------------------------------------------------------------
================================================================================ nagios-4.4.2-3.fc29 (FEDORA-2018-42555731d2) Host/service/network monitoring program -------------------------------------------------------------------------------- Update Information:
Updates to nagios-4.4.2 which is a major update. Fixes CVE's CVE-2018-13441 CVE-2016-8641 -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Stephen Smoogen smooge@fedoraproject.org - 4.4.2-3 - Remove systemd startup since built in works properly - Incorporate fixes from patch14 into patch9 * Thu Nov 29 2018 Stephen Smoogen smooge@fedoraproject.org - 4.4.2-2 - Fix init-type and initdir for systemd and sysv * Wed Nov 28 2018 Justin Paulsen petaris@gmail.com 4.4.2-1 - Bumped to version 4.4.2 - Updated patches 0001,0002,0003,0006,0009,0010,0011 to reflect upstream changes - Updates to nagios.spec (this file) to cleanup un-needed elements and adjust/fix as required - As a result of the cleanup I have added a patch nagios-0014-fix-resource.cfg-path.patch -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1593048 - nagios-4.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1593048 [ 2 ] Bug #1647765 - Memory leak in nagios https://bugzilla.redhat.com/show_bug.cgi?id=1647765 [ 3 ] Bug #1482407 - nagios-4.3.2-8.el7 crash caused by (potential) result size issue in wproc https://bugzilla.redhat.com/show_bug.cgi?id=1482407 [ 4 ] Bug #1506423 - Nagios regularly crashes with SIGSEGV after couple of weeks of starting. https://bugzilla.redhat.com/show_bug.cgi?id=1506423 [ 5 ] Bug #1592594 - nagios spool files in wrong location by default, causing SELinux violations https://bugzilla.redhat.com/show_bug.cgi?id=1592594 --------------------------------------------------------------------------------
================================================================================ net-snmp-5.8-3.fc29 (FEDORA-2018-042156f164) A collection of SNMP protocol tools and libraries -------------------------------------------------------------------------------- Update Information:
Update to net-snmp-5.8. -------------------------------------------------------------------------------- ChangeLog:
* Tue Nov 27 2018 Josef Ridky jridky@redhat.com - 1:5.8-3 - backport memory leak fixes from upstream - add fPIE to CFLAGS (#1543853) - use default LDFLAGS * Mon Jul 23 2018 Josef Ridky jridky@redhat.com - 1:5.8-2 - fix unresoved error with mysql functions - implement changes to announce soname changes -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1637573 - CVE-2018-18065 CVE-2018-18066 net-snmp: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1637573 [ 2 ] Bug #1543853 - net-snmp: Fedora build flags only partially applied https://bugzilla.redhat.com/show_bug.cgi?id=1543853 [ 3 ] Bug #1531020 - net-snmp-5.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1531020 --------------------------------------------------------------------------------
================================================================================ nettle-3.4.1rc1-1.fc29 (FEDORA-2018-665e6dfcf0) A low-level cryptographic library -------------------------------------------------------------------------------- Update Information:
New upstream release; provides API for constant memory access RSA operations (CVE-2018-16869) -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Nikos Mavrogiannopoulos nmav@redhat.com - 3.4.1rc1-1 - New upstream release; provides API for constant memory access RSA operations --------------------------------------------------------------------------------
================================================================================ perl-5.28.1-425.fc29 (FEDORA-2018-9dbe983805) Practical Extraction and Report Language -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2018-18311, CVE-2018-18312, CVE-2018-18313 and CVE-2018-18314 -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Jitka Plesnikova jplesnik@redhat.com - 4:5.28.0-425 - 5.28.1 bump - Fix CVE-2018-18312 (heap-buffer-overflow write in regcomp.c) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1646734 - CVE-2018-18312 perl: Heap-buffer-overflow write / reg_node overrun https://bugzilla.redhat.com/show_bug.cgi?id=1646734 [ 2 ] Bug #1646730 - CVE-2018-18311 perl: Integer overflow leading to buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1646730 [ 3 ] Bug #1646738 - CVE-2018-18313 perl: Heap-buffer-overflow read in regcomp.c https://bugzilla.redhat.com/show_bug.cgi?id=1646738 [ 4 ] Bug #1646751 - CVE-2018-18314 perl: Heap-based buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1646751 --------------------------------------------------------------------------------
================================================================================ perl-BSON-1.10.1-1.fc29 (FEDORA-2018-2ef1282aeb) BSON serialization and deserialization -------------------------------------------------------------------------------- Update Information:
This release adds BSON::Raw::get_first_key() method, implements ObjectID specification and limits BSON encoding and decoding to a maximal depth limit to provent from exhausting a resources. It also improves BSON error messages. -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Petr Pisar ppisar@redhat.com - 1.10.1-1 - 1.10.1 bump -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1655009 - Upgrade perl-BSON to 1.10.1 https://bugzilla.redhat.com/show_bug.cgi?id=1655009 --------------------------------------------------------------------------------
================================================================================ perl-CPAN-Perl-Releases-3.84-1.fc29 (FEDORA-2018-cb3a1f2243) Mapping Perl releases on CPAN to the location of the tarballs -------------------------------------------------------------------------------- Update Information:
Updated to the latest version -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Jitka Plesnikova jplesnik@redhat.com - 3.84-1 - 3.84 bump -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1655089 - Upgrade perl-CPAN-Perl-Releases to 3.84 https://bugzilla.redhat.com/show_bug.cgi?id=1655089 --------------------------------------------------------------------------------
================================================================================ perl-Redis-1.991-8.fc29 (FEDORA-2018-435d42848b) Perl binding for Redis database -------------------------------------------------------------------------------- Update Information:
This release adjusts tests to changes in Redis 4.0.11. -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Petr Pisar ppisar@redhat.com - 1.991-8 - Adjust tests to changes in Redis 4.0.11 (bug #1624360) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1624360 - perl-Redis-1.991-7.fc29 FTBFS: Failed test 'pipeline with embedded error' https://bugzilla.redhat.com/show_bug.cgi?id=1624360 --------------------------------------------------------------------------------
================================================================================ perl-threads-shared-1.59-1.fc29 (FEDORA-2018-ae0be48c15) Perl extension for sharing data structures between threads -------------------------------------------------------------------------------- Update Information:
This release fixes loading its XS implementation on perls that do not support threads. This is not the case of Fedora. We deliver it only to provide an up-to- date version string. -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Petr Pisar ppisar@redhat.com - 1.59-1 - 1.59 bump -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1655011 - Upgrade perl-threads-shared to 1.59 https://bugzilla.redhat.com/show_bug.cgi?id=1655011 --------------------------------------------------------------------------------
================================================================================ phan-1.1.5-1.fc29 (FEDORA-2018-d3a99a6bfe) A static analyzer for PHP -------------------------------------------------------------------------------- Update Information:
29 Nov 2018, Phan 1.1.5 ----------------------- **Language Server:** + Fix a crash in the Language Server when pcntl is not installed or enabled (e.g. on Windows) (#2186) ---- 27 Nov 2018, Phan 1.1.4 ----------------------- **New features(Analysis):** + Preserve original descendent object types after type assertions, when original object types are all subtypes (e.g. infer `SubClass` for `$x = rand(0,1) ? new SubClass() : false; if ($x instanceof BaseClass) { ... }`) **Maintenance:** + Emit `UnusedPluginSuppression` on `@phan-suppress-next- line` and `@phan-file-suppress` on the same line as the comment declaring the suppression. (#2167, #1731) + Don't emit `PhanInvalidCommentForDeclarationType` (or attempt to parse) unknown tags that have known tags as prefixes (#2156) (e.g. `@param-some-unknown-tag`) **Bug fixes:** + Fix a crash when analyzing a nullable parameter of type `self` in traits (#2163) + Properly parse closures/generic arrays/array shapes when inner types also contain commas (#2141) + Support matching parentheses inside closure params, recursively. (e.g. `Closure(int[],Closure(int):bool):int[]`) + Don't warn about properties being read-only when they might be modified by reference (#1729) ---- 20 Nov 2018, Phan 1.1.3 ----------------------- **New features (CLI):** + Warn when calling method on union types that are definitely partially invalid. (#1885) New config setting: `--strict-method-checking` (enabled as part of `--strict-type- checking`) New issue type: `PhanPossiblyNonClassMethodCall` + Add a prototype tool `tool/phoogle`, which can be used to search for function/method signatures in user-declared and internal functions/methods. E.g. to look for functions that return a string, given a string and an array: `/path/phan/tool/phoogle 'string -> array -> string` **New features (Analysis):** + Add a heuristic check to detect potential infinite recursion in a functionlike calling itself (i.e. stack overflows) New issue types: `PhanInfiniteRecursion` + Infer literal integer values from expressions such as `2 | 1`, `2 + 2`, etc. + Infer more accurate array shapes for `preg_match_all` (based on existing inferences for `preg_match`) + Make Phan infer union types of variables from switch statements on variables (#1291) (including literal int and string types) + Analyze simple assertions on `get_class($var)` of various forms (#1977) Examples: - `assert(get_class($x) === 'someClass')` - `if (get_class($x) === someClass::class)` - `switch (get_class($x)) {case someClass::class: ...}` + Warn about invalid/possibly invalid callables in function calls. New issue types: `PhanTypeInvalidCallable`, `PhanTypePossiblyInvalidCallable` (the latter check requires `--strict-method-checking`) + Reduce false positives for a few functions (such as `substr`) in strict mode. + Make Phan infer that variables are not null/false from various comparison expressions, e.g. `assert($x > 0);` + Detect invalid arguments to `++`/`--` operators (#680). Improve the analysis of the side effects of `++`/`--` operators. New issue type: `PhanTypeInvalidUnaryOperandIncOrDec` **Plugins:** + Add `BeforeAnalyzeCapability`, which will be executed once before starting the analysis phase. (#2086) **Bug fixes:** + Fix false positives analyzing `define()` (#2128) + Support declaring instance properties as the union type `static` (#2145) New issue types: `PhanStaticPropIsStaticType` + Fix a crash seen when Phan attempted to emit `PhanTypeArrayOperator` for certain operations (#2153) -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Remi Collet remi@remirepo.net - 1.1.5-1 - update to 1.1.5 * Wed Nov 28 2018 Remi Collet remi@remirepo.net - 1.1.4-1 - update to 1.1.4 * Wed Nov 21 2018 Remi Collet remi@remirepo.net - 1.1.3-1 - update to 1.1.3 --------------------------------------------------------------------------------
================================================================================ pipenv-2018.11.26-1.fc29 (FEDORA-2018-b5c855ceea) The higher level Python packaging tool -------------------------------------------------------------------------------- Update Information:
Upgrade pipenv and pip to the latest upstream releases. See https://pipenv.readthedocs.io/en/latest/changelog/ and https://pip.pypa.io/en/stable/news/ -------------------------------------------------------------------------------- ChangeLog:
* Thu Nov 29 2018 Miro Hron��ok mhroncok@redhat.com - 2018.11.26-1 - Update to 2018.11.26 (bugfixes only) * Fri Nov 23 2018 Miro Hron��ok mhroncok@redhat.com - 2018.11.14-1 - Update to 2018.11.14 (#1652091) - Should fix incompatibility with pip (#1651317) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1652089 - Update pip to 18.1 https://bugzilla.redhat.com/show_bug.cgi?id=1652089 [ 2 ] Bug #1652091 - Update pipenv to 2018.11.14 https://bugzilla.redhat.com/show_bug.cgi?id=1652091 [ 3 ] Bug #1651317 - pip and pipenv are incompatible https://bugzilla.redhat.com/show_bug.cgi?id=1651317 --------------------------------------------------------------------------------
================================================================================ python-magic-wormhole-0.11.2-1.fc29 (FEDORA-2018-cbd8bfcebb) Securely transfer data between computers -------------------------------------------------------------------------------- Update Information:
Initial packaging for fedora. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1653806 - Review Request: python-magic-wormhole - Securely transfer data between computers https://bugzilla.redhat.com/show_bug.cgi?id=1653806 --------------------------------------------------------------------------------
================================================================================ python-pip-18.1-1.fc29 (FEDORA-2018-b5c855ceea) A tool for installing and managing Python packages -------------------------------------------------------------------------------- Update Information:
Upgrade pipenv and pip to the latest upstream releases. See https://pipenv.readthedocs.io/en/latest/changelog/ and https://pip.pypa.io/en/stable/news/ -------------------------------------------------------------------------------- ChangeLog:
* Thu Nov 22 2018 Miro Hron��ok mhroncok@redhat.com - 18.1-1 - Update to 18.1 (#1652089) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1652089 - Update pip to 18.1 https://bugzilla.redhat.com/show_bug.cgi?id=1652089 [ 2 ] Bug #1652091 - Update pipenv to 2018.11.14 https://bugzilla.redhat.com/show_bug.cgi?id=1652091 [ 3 ] Bug #1651317 - pip and pipenv are incompatible https://bugzilla.redhat.com/show_bug.cgi?id=1651317 --------------------------------------------------------------------------------
================================================================================ python-shellingham-1.2.7-1.fc29 (FEDORA-2018-b5c855ceea) Tool to detect surrounding Shell -------------------------------------------------------------------------------- Update Information:
Upgrade pipenv and pip to the latest upstream releases. See https://pipenv.readthedocs.io/en/latest/changelog/ and https://pip.pypa.io/en/stable/news/ -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1652089 - Update pip to 18.1 https://bugzilla.redhat.com/show_bug.cgi?id=1652089 [ 2 ] Bug #1652091 - Update pipenv to 2018.11.14 https://bugzilla.redhat.com/show_bug.cgi?id=1652091 [ 3 ] Bug #1651317 - pip and pipenv are incompatible https://bugzilla.redhat.com/show_bug.cgi?id=1651317 --------------------------------------------------------------------------------
================================================================================ pyxdg-0.26-3.fc29 (FEDORA-2018-7339f61610) Python library to access freedesktop.org standards -------------------------------------------------------------------------------- Update Information:
Fix code for places where it called non-existant attribute "Type". -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Tom Callaway spot@fedoraproject.org - 0.26-3 - fix incorrect use of Type attribute (bz 1654857) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1654857 - [abrt] openbox: post_parse(): Menu.py:997:post_parse:AttributeError: 'MenuEntry' object has no attribute 'Type' https://bugzilla.redhat.com/show_bug.cgi?id=1654857 --------------------------------------------------------------------------------
================================================================================ regindexer-0.4-1.fc29 (FEDORA-2018-e861f9bfb6) Tool for creating an index of a container registry -------------------------------------------------------------------------------- Update Information:
Update to version 0.4 - fixes a problem where only the first 100 repositories in a registry would be indexed. -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 fedora-toolbox otaylor@redhat.com - 0.4-1 - Version 0.4 (fixes problem with > 100 repositories) * Wed Aug 29 2018 Owen Taylor otaylor@redhat.com - 0.3-1 - Version 0.3 --------------------------------------------------------------------------------
================================================================================ rubygem-jekyll-toc-0.9.1-1.fc29 (FEDORA-2018-010ff92a53) Jekyll Table of Contents plugin -------------------------------------------------------------------------------- Update Information:
Update to version 0.9.1. Release notes: https://github.com/toshimaru/jekyll- toc/releases/tag/v0.9.1 -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Fabio Valentini decathorpe@gmail.com - 0.9.1-1 - Update to version 0.9.1. --------------------------------------------------------------------------------
================================================================================ strawberry-0.4.2-1.fc29 (FEDORA-2018-c09c3b72f7) An audio player and music collection organizer -------------------------------------------------------------------------------- Update Information:
Release 0.4.2 -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Robert-Andr�� Mauchin zebob.m@gmail.com - 0.4.2-1 - Release 0.4.2 --------------------------------------------------------------------------------
================================================================================ switchboard-2.3.5-1.fc29 (FEDORA-2018-e3f8c58e83) Modular Desktop Settings Hub -------------------------------------------------------------------------------- Update Information:
Update to version 2.3.5. Release notes: https://github.com/elementary/switchboard/releases/tag/2.3.5 -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Fabio Valentini decathorpe@gmail.com - 2.3.5-1 - Update to version 2.3.5. --------------------------------------------------------------------------------
================================================================================ unixODBC-2.3.7-2.fc29 (FEDORA-2018-e8115812ed) A complete ODBC driver manager for Linux -------------------------------------------------------------------------------- Update Information:
Configuration for 'mysql-connector-odbc' package reflecting MySQL 8 shipped within this update Test with: https://bodhi.fedoraproject.org/updates/FEDORA-2018-aac3769cee -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Michal Schorm mschorm@redhat.com - 2.3.7-2 - Bump for rebuild to ship updated configuration --------------------------------------------------------------------------------
================================================================================ vinagre-3.22.0-12.fc29 (FEDORA-2018-3b16389936) VNC client for GNOME -------------------------------------------------------------------------------- Update Information:
FreeRDP update to the latest release candidate and fix of RDP support in Vinagre. -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Ondrej Holy oholy@redhat.com - 3.22.0-12 - Fix build with recent FreeRDP versions -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1636560 - Black screen when using RDP in Remote Desktop viewer https://bugzilla.redhat.com/show_bug.cgi?id=1636560 --------------------------------------------------------------------------------
================================================================================ zsh-5.6.2-3.fc29 (FEDORA-2018-33cd18f0f7) Powerful interactive shell -------------------------------------------------------------------------------- Update Information:
- return non-zero exit status on nested parse error (#1654989) -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 30 2018 Kamil Dudka kdudka@redhat.com - 5.6.2-3 - return non-zero exit status on nested parse error (#1654989) --------------------------------------------------------------------------------