The following Fedora 28 Security updates need testing: Age URL 286 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb jgraphx-3.6.0.0-6.fc28 235 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da nodejs-brace-expansion-1.1.11-1.fc28 234 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a nodejs-atob-2.1.1-1.fc28 110 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc4b7af297 xerces-c27-2.7.0-28.fc28 62 https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28 62 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa3752ac3c nginx-1.14.1-1.fc28 41 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc86ef9e22 squid-4.4-1.fc28 38 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b18f9dd65b tomcat-8.5.35-1.fc28 11 https://bodhi.fedoraproject.org/updates/FEDORA-2019-0398d1b049 haproxy-1.8.17-1.fc28 10 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e0eb3d797e systemd-238-11.gita76ee90.fc28 5 https://bodhi.fedoraproject.org/updates/FEDORA-2019-93b4b78e58 runc-1.0.0-67.dev.git12f6a99.fc28 5 https://bodhi.fedoraproject.org/updates/FEDORA-2019-596813cc59 electrum-3.2.4-2.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-0b44528ff1 nagios-4.4.3-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-0c1be924df gvfs-1.36.2-3.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-901feba171 docker-1.13.1-63.git1185cfd.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-723711c645 docker-latest-1.13.1-40.git1185cfd.fc28 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-b8ffb3768d python37-3.7.2-2.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-fbd2bad9f9 wireshark-2.6.6-1.fc28
The following Fedora 28 Critical Path updates have yet to be approved: Age URL 62 https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28 55 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3222e7c914 radvd-2.17-11.fc28 53 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c86898e4a7 gdb-8.1.1-4.fc28 51 https://bodhi.fedoraproject.org/updates/FEDORA-2018-12c54ca4bf gjs-1.52.5-1.fc28 41 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9f541b469b nfs-utils-2.3.3-1.rc2.fc28 32 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4dddcb3e5e highlight-3.48-1.fc28 11 https://bodhi.fedoraproject.org/updates/FEDORA-2019-1692c82673 pcmanfm-1.3.1-2.D20181227git0619a81f.fc28 10 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e0eb3d797e systemd-238-11.gita76ee90.fc28 10 https://bodhi.fedoraproject.org/updates/FEDORA-2019-1c1cd19344 pcre-8.42-6.fc28 10 https://bodhi.fedoraproject.org/updates/FEDORA-2019-637e5c7a74 pcre2-10.32-5.fc28 10 https://bodhi.fedoraproject.org/updates/FEDORA-2019-2bd43510d5 pungi-4.1.32-3.fc28 9 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e8a902b473 selinux-policy-3.14.1-51.fc28 5 https://bodhi.fedoraproject.org/updates/FEDORA-2019-6250e66e80 breeze-icon-theme-5.54.0-1.fc28 extra-cmake-modules-5.54.0-1.fc28 kf5-5.54.0-1.fc28 kf5-attica-5.54.0-1.fc28 kf5-baloo-5.54.0-1.fc28 kf5-bluez-qt-5.54.0-1.fc28 kf5-frameworkintegration-5.54.0-1.fc28 kf5-kactivities-5.54.0-1.fc28 kf5-kactivities-stats-5.54.0-1.fc28 kf5-kapidox-5.54.0-1.fc28 kf5-karchive-5.54.0-1.fc28 kf5-kauth-5.54.0-1.fc28 kf5-kbookmarks-5.54.0-1.fc28 kf5-kcmutils-5.54.0-1.fc28 kf5-kcodecs-5.54.0-1.fc28 kf5-kcompletion-5.54.0-1.fc28 kf5-kconfig-5.54.0-1.fc28 kf5-kconfigwidgets-5.54.0-1.fc28 kf5-kcoreaddons-5.54.0-1.fc28 kf5-kcrash-5.54.0-1.fc28 kf5-kdbusaddons-5.54.0-1.fc28 kf5-kdeclarative-5.54.0-1.fc28 kf5-kded-5.54.0-1.fc28 kf5-kdelibs4support-5.54.0-1.fc28 kf5-kdesignerplugin-5.54.0-1.fc28 kf5-kdesu-5.54.0-1.fc28 kf5-kdewebkit-5.54.0-1.fc28 kf5-kdnssd-5.54.0-1.fc28 kf5-kdoctools-5.54.0-1.fc28 kf5-kemoticons-5.54.0-1.fc28 kf5-kfilemetadata-5.54.0-1.fc28 kf5-kglobalaccel-5.54.0-1.fc28 kf5-kguiad dons-5.54.0-1.fc28 kf5-kholidays-5.54.0-1.fc28 kf5-khtml-5.54.0-1.fc28 kf5-ki18n-5.54.0-1.fc28 kf5-kiconthemes-5.54.0-1.fc28 kf5-kidletime-5.54.0-1.fc28 kf5-kimageformats-5.54.0-1.fc28 kf5-kinit-5.54.0-1.fc28 kf5-kio-5.54.1-1.fc28 kf5-kirigami2-5.54.0-1.fc28 kf5-kitemmodels-5.54.0-1.fc28 kf5-kitemviews-5.54.0-1.fc28 kf5-kjobwidgets-5.54.0-1.fc28 kf5-kjs-5.54.0-1.fc28 kf5-kjsembed-5.54.0-1.fc28 kf5-kmediaplayer-5.54.0-1.fc28 kf5-knewstuff-5.54.0-1.fc28 kf5-knotifications-5.54.0-1.fc28 kf5-knotifyconfig-5.54.0-1.fc28 kf5-kpackage-5.54.0-1.fc28 kf5-kparts-5.54.0-1.fc28 kf5-kpeople-5.54.0-1.fc28 kf5-kplotting-5.54.0-1.fc28 kf5-kpty-5.54.0-1.fc28 kf5-kross-5.54.0-1.fc28 kf5-krunner-5.54.0-1.fc28 kf5-kservice-5.54.0-1.fc28 kf5-ktexteditor-5.54.0-1.fc28 kf5-ktextwidgets-5.54.0-1.fc28 kf5-kunitconversion-5.54.0-1.fc28 kf5-kwallet-5.54.0-1.fc28 kf5-kwayland-5.54.0-1.fc28 kf5-kwidgetsaddons-5.54.0-1.fc28 kf5-kwindowsystem-5.54.0-1.fc28 kf5-kxmlgui-5.54.0-1.fc28 kf5-kxmlrpcclient-5.54.0-1.fc28 kf5-modemmanager-qt-5.54.0-1.fc28 kf5-networkmanager-qt-5.54.0-1.fc28 kf5-plasma-5.54.0-1.fc28 kf5-prison-5.54.0-1.fc28 kf5-purpose-5.54.0-1.fc28 kf5-solid-5.54.0-1.fc28 kf5-sonnet-5.54.0-1.fc28 kf5-syndication-5.54.0-1.fc28 kf5-syntax-highlighting-5.54.0-1.fc28 kf5-threadweaver-5.54.0-1.fc28 oxygen-icon-theme-5.54.0-1.fc28 qqc2-desktop-style-5.54.0-1.fc28 5 https://bodhi.fedoraproject.org/updates/FEDORA-2019-78153d357c totem-pl-parser-3.26.2-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-0335b44dbc lorax-28.25-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-0c1be924df gvfs-1.36.2-3.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-2e1cc4fe99 pango-1.42.4-2.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-0956d60ffd krb5-1.16.1-25.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-7ad550b301 glusterfs-4.1.7-2.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-031b192323 gnome-online-accounts-3.28.1-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-69bc69ce0b appstream-data-28-12.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ffb6dfc8a9 p11-kit-0.23.15-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-870e8d8234 osinfo-db-20190120-1.fc28
The following builds have been pushed to Fedora 28 updates-testing
FlightGear-2018.1.1-3.fc28 R-IRkernel-0.8.15-1.fc28 container-selinux-2.80-1.git1b655d9.fc28 erlang-20.3.8.18-1.fc28 flatpak-module-tools-0.9.1-1.fc28 golang-github-jawher-mow-cli-1.0.4-1.fc28 ibus-libpinyin-1.11.0-1.fc28 ibus-libzhuyin-1.9.0-1.fc28 libpinyin-2.2.2-1.fc28 libwebp-1.0.2-1.fc28 linux-firmware-20190118-91.gita8b75cac.fc28 mingw-libwebp-1.0.2-1.fc28 moodle-3.4.7-1.fc28 nfoview-1.26-1.fc28 phan-1.2.1-1.fc28 php-microsoft-tolerant-php-parser-0.0.16-1.fc28 poppler-0.62.0-14.fc28 python-pycxx-7.1.0-1.fc28 python-ttystatus-0.38-1.fc28 python-tvb-data-1.5.6-4.20191229git7d2d05b.fc28 rednotebook-2.8-1.fc28 singularity-3.0.3-1.fc28 vala-0.40.13-1.fc28 virtualbox-guest-additions-5.2.24-1.fc28
Details about builds:
================================================================================ FlightGear-2018.1.1-3.fc28 (FEDORA-2019-58d9bcf9e9) The FlightGear Flight Simulator -------------------------------------------------------------------------------- Update Information:
The rebuild of FlightGear is needed due to the update of qt5 to version 5.11.3 -------------------------------------------------------------------------------- ChangeLog:
* Tue Jan 22 2019 Fabrice Bellet fabrice@bellet.info - 2018.1.1-3 - rebuild for newer qt5 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1667639 - FlightGear needs rebuild for Qt 5.11.3 bugfix and security update https://bugzilla.redhat.com/show_bug.cgi?id=1667639 --------------------------------------------------------------------------------
================================================================================ R-IRkernel-0.8.15-1.fc28 (FEDORA-2019-709eb52ea0) Native R Kernel for the 'Jupyter Notebook' -------------------------------------------------------------------------------- Update Information:
Initial package of IRkernel for R -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1666942 - Review Request: R-IRkernel - Native R Kernel for the 'Jupyter Notebook' https://bugzilla.redhat.com/show_bug.cgi?id=1666942 --------------------------------------------------------------------------------
================================================================================ container-selinux-2.80-1.git1b655d9.fc28 (FEDORA-2019-b627928416) SELinux policies for container runtimes -------------------------------------------------------------------------------- Update Information:
Remove access to container runtime sockets. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jan 22 2019 Dan Walsh dwalsh@fedoraproject.org - 2.80-1 - Don't allow containers to talk to contianer runtime sockets --------------------------------------------------------------------------------
================================================================================ erlang-20.3.8.18-1.fc28 (FEDORA-2019-b436caa6dd) General-purpose programming language and runtime environment -------------------------------------------------------------------------------- Update Information:
* Erlang ver. 20.3.8.18 ---- * Fix for nodes querying ---- * Erlang ver. 20.3.8.17 ---- * Erlang ver. 20.3.8.16 -------------------------------------------------------------------------------- ChangeLog:
* Tue Jan 22 2019 Peter Lemenkov lemenkov@gmail.com - 20.3.8.18-1 - Ver. 20.3.8.18 * Tue Jan 15 2019 Peter Lemenkov lemenkov@gmail.com - 20.3.8.17-2 - Fix issue with nodes info querying - Enable verbose build logs * Thu Jan 10 2019 Peter Lemenkov lemenkov@gmail.com - 20.3.8.17-1 - Ver. 20.3.8.17 * Tue Jan 8 2019 Peter Lemenkov lemenkov@gmail.com - 20.3.8.16-1 - Ver. 20.3.8.16 * Mon Dec 10 2018 Peter Lemenkov lemenkov@gmail.com - 20.3.8.15-1 - Ver. 20.3.8.15 --------------------------------------------------------------------------------
================================================================================ flatpak-module-tools-0.9.1-1.fc28 (FEDORA-2019-d83f0784ee) Tools for maintaining Flatpak applications and runtimes as Fedora modules -------------------------------------------------------------------------------- Update Information:
Version 0.9.1 * Add a configuration system to allow profiles pointing at different infrastructure * Fix compatibility with mock configured to use systemd-nspawn * Bug fixes -------------------------------------------------------------------------------- ChangeLog:
* Tue Jan 22 2019 fedora-toolbox otaylor@redhat.com - 0.9.1-1 - Version 0.9.1 - bug fixes including systemd-nspawn compatibility * Tue Jan 22 2019 Owen Taylor otaylor@redhat.com - 0.9-1 - Version 0.9 - configurability, fixes for F29 dnf compatibility --------------------------------------------------------------------------------
================================================================================ golang-github-jawher-mow-cli-1.0.4-1.fc28 (FEDORA-2019-e93ca6c4d0) Versatile library for building CLI applications in Go -------------------------------------------------------------------------------- Update Information:
- Initial package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1663708 - Review Request: golang-github-jawher-mow-cli - Versatile library for building CLI applications in Go https://bugzilla.redhat.com/show_bug.cgi?id=1663708 --------------------------------------------------------------------------------
================================================================================ ibus-libpinyin-1.11.0-1.fc28 (FEDORA-2019-f6e74b18e6) Intelligent Pinyin engine based on libpinyin for IBus -------------------------------------------------------------------------------- Update Information:
ibus-libpinyin * fixes keypad decimal * fixes emoji candidates * support configurable opencc config ibus-libzhuyin * fixes special symbol * add need- tone option -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 21 2019 Peng Wu pwu@redhat.com - 1.11.0-1 - Update to 1.11.0 - fixes keypad decimal - fixes emoji candidates - support configurable opencc config --------------------------------------------------------------------------------
================================================================================ ibus-libzhuyin-1.9.0-1.fc28 (FEDORA-2019-f6e74b18e6) New Zhuyin engine based on libzhuyin for IBus -------------------------------------------------------------------------------- Update Information:
ibus-libpinyin * fixes keypad decimal * fixes emoji candidates * support configurable opencc config ibus-libzhuyin * fixes special symbol * add need- tone option -------------------------------------------------------------------------------- ChangeLog:
* Tue Jan 22 2019 Peng Wu pwu@redhat.com - 1.9.0-1 - Update to 1.9.0 - fixes special symbol - add need-tone option --------------------------------------------------------------------------------
================================================================================ libpinyin-2.2.2-1.fc28 (FEDORA-2019-f6e74b18e6) Library to deal with pinyin -------------------------------------------------------------------------------- Update Information:
ibus-libpinyin * fixes keypad decimal * fixes emoji candidates * support configurable opencc config ibus-libzhuyin * fixes special symbol * add need- tone option -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 21 2019 Peng Wu pwu@redhat.com - 2.2.2-1 - Update to 2.2.2 - minor fixes --------------------------------------------------------------------------------
================================================================================ libwebp-1.0.2-1.fc28 (FEDORA-2019-83a19b396a) Library and tools for the WebP graphics format -------------------------------------------------------------------------------- Update Information:
Update to libwebp-1.0.2, see https://raw.githubusercontent.com/webmproject/libwebp/master/NEWS for details. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jan 22 2019 Sandro Mani manisandro@gmail.com - 1.0.2-1 - Update to 1.0.2 * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 1.0.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1667640 - libwebp-1.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1667640 --------------------------------------------------------------------------------
================================================================================ linux-firmware-20190118-91.gita8b75cac.fc28 (FEDORA-2019-1ea282e58d) Firmware files used by the Linux kernel -------------------------------------------------------------------------------- Update Information:
* Latest Intel 9000 series WiFi/Bluetooth firmware * Marvell WiFi (USB8801), cxgb4, amdgpu updates * Raspberrp Pi 3-series NMRAM updates -------------------------------------------------------------------------------- ChangeLog:
* Tue Jan 22 2019 Peter Robinson pbrobinson@fedoraproject.org 20190118-91.gita8b75cac - Latest Intel 9000 series WiFi/Bluetooth firmware - Marvell WiFi (USB8801), cxgb4, amdgpu updates - Raspberrp Pi 3-series NMRAM updates --------------------------------------------------------------------------------
================================================================================ mingw-libwebp-1.0.2-1.fc28 (FEDORA-2019-83a19b396a) MinGW compilation of Library and tools for the WebP format -------------------------------------------------------------------------------- Update Information:
Update to libwebp-1.0.2, see https://raw.githubusercontent.com/webmproject/libwebp/master/NEWS for details. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jan 22 2019 Sandro Mani manisandro@gmail.com - 1.0.2-1 - Update to 1.0.2 * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 1.0.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1667640 - libwebp-1.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1667640 --------------------------------------------------------------------------------
================================================================================ moodle-3.4.7-1.fc28 (FEDORA-2019-077cd6f168) A Course Management System -------------------------------------------------------------------------------- Update Information:
Multiple CVE fixes. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jan 22 2019 Gwyn Ciesla limburgher@gmail.com - 3.4.7-1 - 3.4.7 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1668074 - CVE-2019-3810 moodle: User full name is not escaped in the un-linked userpix page (MSA-19-0003) [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1668074 [ 2 ] Bug #1668068 - CVE-2019-3809 moodle: Blind SSRF Risk in /badges/mybackpack.php (MSA-19-0002) [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1668068 [ 3 ] Bug #1668066 - CVE-2019-3808 moodle: Manage groups capability is missing XSS risk flag (MSA-19-0001) [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1668066 [ 4 ] Bug #1668065 - CVE-2019-3808 moodle: Manage groups capability is missing XSS risk flag (MSA-19-0001) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1668065 --------------------------------------------------------------------------------
================================================================================ nfoview-1.26-1.fc28 (FEDORA-2019-2262d15d6a) A viewer for NFO files -------------------------------------------------------------------------------- Update Information:
Update to new upstream version 1.26 -------------------------------------------------------------------------------- ChangeLog:
* Tue Jan 22 2019 Fabian Affolter mail@fabian-affolter.ch - 1.26-1 - Update to new upstream version 1.26 * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 1.24-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Tue Jun 19 2018 Miro Hron��ok mhroncok@redhat.com - 1.24-2 - Rebuilt for Python 3.7 --------------------------------------------------------------------------------
================================================================================ phan-1.2.1-1.fc28 (FEDORA-2019-5dcb6cb509) A static analyzer for PHP -------------------------------------------------------------------------------- Update Information:
18 Jan 2019, **Phan 1.2.1** **New features (CLI):** + Add short flags: `-S` for `--strict-type-checking`, `-C` for `--color`, `-P` for `--plugin <plugin>` **New features (Analysis):** + Infer that the result of `array_map` has integer keys when passed two or more arrays (#2277) + Improve inferences about the left hand side of `&&` statements such as `$leftVar && (other_expression);` (#2300) + Warn about passing an undefined variable to a function expecting a reference parameter with a real, non-nullable type (#1344) + Include variables in scope as alternative suggestions for undeclared properties (#1680) + Infer a string literal when analyzing calls to `basename` or `dirname` on an expression that evaluates to a string literal. (#2323) + Be stricter about warning when literal int/string values are passed to incompatible scalar types when `scalar_implicit_cast` or `scalar_implicit_partial` are used. (#2340) **Maintenance:** + End the output for `--output-mode <json>` with a newline. + Upgrade tolerant-php-parser, making the polyfill/fallback properly parse `$a && $b = $c` (#2180) + Add updates to the function/method signature map from Psalm and PHPStan. **Language Server/Daemon mode:** + Add `--output-mode <mode>` to `phan_client`. (#1568). Supported formats: `phan_client` (default), `text`, `json`, `csv`, `codeclimate`, `checkstyle`, or `pylint` + Add `--color` to `phan_client` (e.g. for use with `--output-mode text`) + Add `--language-server- completion-vscode`. This is a workaround to make completion of variables and static properties work in [the Phan plugin for VS Code](https://github.com/tysonandre/vscode-php-phan) + Include Phan's signature types in hover text for internal and user-defined methods (instead of just the real types) (#2309) Also, show defaults of non-nullable parameters as `= default` instead of `= null` + Properly return a result set when requesting variable completion of `$` followed by nothing. + Fix code completion when `--language-server-analyze-only-on-save` is on. (#2327) **Plugins:** + Add a new issue type to `DuplicateExpressionPlugin`: `PhanPluginBothLiteralsBinaryOp`. (#2297) (warns about suspicious expressions such as `null == 'a literal` in `$x ?? null == 'a literal'`) + Support `assertInternalType` in `PHPUnitAssertionPlugin` (#2290) + Warn when identical dynamic expressions (e.g. variables, function calls) are used as array keys in `DuplicateArrayKeyPlugin` ---- **microsoft/tolerant-php-parser version 0.0.16** -------------------------------------------------------------------------------- ChangeLog:
* Sat Jan 19 2019 Remi Collet remi@remirepo.net - 1.2.1-1 - update to 1.2.1 - raise dependency on microsoft/tolerant-php-parser 0.0.16 --------------------------------------------------------------------------------
================================================================================ php-microsoft-tolerant-php-parser-0.0.16-1.fc28 (FEDORA-2019-5dcb6cb509) Tolerant PHP-to-AST parser -------------------------------------------------------------------------------- Update Information:
18 Jan 2019, **Phan 1.2.1** **New features (CLI):** + Add short flags: `-S` for `--strict-type-checking`, `-C` for `--color`, `-P` for `--plugin <plugin>` **New features (Analysis):** + Infer that the result of `array_map` has integer keys when passed two or more arrays (#2277) + Improve inferences about the left hand side of `&&` statements such as `$leftVar && (other_expression);` (#2300) + Warn about passing an undefined variable to a function expecting a reference parameter with a real, non-nullable type (#1344) + Include variables in scope as alternative suggestions for undeclared properties (#1680) + Infer a string literal when analyzing calls to `basename` or `dirname` on an expression that evaluates to a string literal. (#2323) + Be stricter about warning when literal int/string values are passed to incompatible scalar types when `scalar_implicit_cast` or `scalar_implicit_partial` are used. (#2340) **Maintenance:** + End the output for `--output-mode <json>` with a newline. + Upgrade tolerant-php-parser, making the polyfill/fallback properly parse `$a && $b = $c` (#2180) + Add updates to the function/method signature map from Psalm and PHPStan. **Language Server/Daemon mode:** + Add `--output-mode <mode>` to `phan_client`. (#1568). Supported formats: `phan_client` (default), `text`, `json`, `csv`, `codeclimate`, `checkstyle`, or `pylint` + Add `--color` to `phan_client` (e.g. for use with `--output-mode text`) + Add `--language-server- completion-vscode`. This is a workaround to make completion of variables and static properties work in [the Phan plugin for VS Code](https://github.com/tysonandre/vscode-php-phan) + Include Phan's signature types in hover text for internal and user-defined methods (instead of just the real types) (#2309) Also, show defaults of non-nullable parameters as `= default` instead of `= null` + Properly return a result set when requesting variable completion of `$` followed by nothing. + Fix code completion when `--language-server-analyze-only-on-save` is on. (#2327) **Plugins:** + Add a new issue type to `DuplicateExpressionPlugin`: `PhanPluginBothLiteralsBinaryOp`. (#2297) (warns about suspicious expressions such as `null == 'a literal` in `$x ?? null == 'a literal'`) + Support `assertInternalType` in `PHPUnitAssertionPlugin` (#2290) + Warn when identical dynamic expressions (e.g. variables, function calls) are used as array keys in `DuplicateArrayKeyPlugin` ---- **microsoft/tolerant-php-parser version 0.0.16** -------------------------------------------------------------------------------- ChangeLog:
* Sat Jan 19 2019 Remi Collet remi@remirepo.net - 0.0.16-1 - update to 0.0.16 --------------------------------------------------------------------------------
================================================================================ poppler-0.62.0-14.fc28 (FEDORA-2019-40f4af0687) PDF rendering library -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2018-20551, CVE-2018-20481 and CVE-2018-20650. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jan 22 2019 Marek Kasik mkasik@redhat.com - 0.62.0-14 - Avoid global display profile state becoming an uncontrolled - memory leak - Resolves: #1646549 * Mon Jan 21 2019 Marek Kasik mkasik@redhat.com - 0.62.0-13 - Do not try to parse into unallocated XRef entry - Resolves: #1665268 * Mon Jan 21 2019 Marek Kasik mkasik@redhat.com - 0.62.0-12 - Move the fileSpec.dictLookup call inside fileSpec.isDict if - Resolves: #1665264 * Mon Jan 21 2019 Marek Kasik mkasik@redhat.com - 0.62.0-11 - Do not try to construct invalid rich media annotation assets - Resolves: #1665260 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1665259 - CVE-2018-20551 poppler: reachable Object::getString assertion in AnnotRichMedia class in Annot.c https://bugzilla.redhat.com/show_bug.cgi?id=1665259 [ 2 ] Bug #1665266 - CVE-2018-20481 poppler: NULL pointer dereference in the XRef::getEntry in XRef.cc https://bugzilla.redhat.com/show_bug.cgi?id=1665266 [ 3 ] Bug #1665263 - CVE-2018-20650 poppler: reachable Object::dictLookup assertion in FileSpec class in FileSpec.cc https://bugzilla.redhat.com/show_bug.cgi?id=1665263 [ 4 ] Bug #1646546 - CVE-2018-18897 poppler: memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc https://bugzilla.redhat.com/show_bug.cgi?id=1646546 --------------------------------------------------------------------------------
================================================================================ python-pycxx-7.1.0-1.fc28 (FEDORA-2019-8c625f93f3) Write Python extensions in C++ -------------------------------------------------------------------------------- Update Information:
Update to 7.1.0. -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 21 2019 Richard Shaw hobbes1069@gmail.com - 7.1.0-1 - Update to 7.1.0. * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 7.0.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Fri Jun 29 2018 Miro Hron��ok mhroncok@redhat.com - 7.0.3-3 - Add Python 3.7 patch to add const - Invoke python2 with python2, not python * Tue Jun 19 2018 Miro Hron��ok mhroncok@redhat.com - 7.0.3-2 - Rebuilt for Python 3.7 --------------------------------------------------------------------------------
================================================================================ python-ttystatus-0.38-1.fc28 (FEDORA-2019-abd92a0d04) Progress and status updates on terminals for Python -------------------------------------------------------------------------------- Update Information:
- Update to latest upstream release - Also build for Python 3 -------------------------------------------------------------------------------- ChangeLog:
* Mon Jan 21 2019 Michel Alexandre Salim salimma@fedoraproject.org - 0.38-1 - Update to 0.38 - Also build for Python 3 * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 0.34-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1605959 - python-ttystatus: FTBFS in Fedora rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1605959 [ 2 ] Bug #1458531 - python-ttystatus-0.37.orig is available https://bugzilla.redhat.com/show_bug.cgi?id=1458531 --------------------------------------------------------------------------------
================================================================================ python-tvb-data-1.5.6-4.20191229git7d2d05b.fc28 (FEDORA-2019-5e7dbe87d4) Demo data for The Virtual Brain software -------------------------------------------------------------------------------- Update Information:
New package! TVB data: data for The Virtual Brain -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1662538 - Review Request: python-tvb-data - Demo data for The Virtual Brain software https://bugzilla.redhat.com/show_bug.cgi?id=1662538 --------------------------------------------------------------------------------
================================================================================ rednotebook-2.8-1.fc28 (FEDORA-2019-471bb227b4) Daily journal with calendar, templates and keyword searching -------------------------------------------------------------------------------- Update Information:
Update to latest upstream release 2.8 -------------------------------------------------------------------------------- ChangeLog:
* Tue Jan 22 2019 Fabian Affolter mail@fabian-affolter.ch - 2.8-1 - Update to latest upstream release 2.8 * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 2.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ singularity-3.0.3-1.fc28 (FEDORA-2019-0375d57669) Application and environment virtualization -------------------------------------------------------------------------------- Update Information:
Update to upstream 3.0.3-1 release. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jan 22 2019 Dave Dykstra dwd@fedoraproject.org - 3.0.3-1 - Update to upstream 3.0.3-1 release. * Fri Jan 18 2019 Dave Dykstra dwd@fedoraproject.org - 3.0.3-rc2 - Update to upstream 3.0.3-rc2 * Wed Jan 16 2019 Dave Dykstra dwd@fedoraproject.org - 3.0.3-rc1 - Update to upstream 3.0.3-rc1 * Wed Jan 9 2019 Dave Dykstra dwd@fedoraproject.org - 3.0.2-1.2 - Add patch for PR 2531 * Mon Jan 7 2019 Dave Dykstra dwd@fedoraproject.org - 3.0.2-1.1 - Update to upstream 3.0.2 - Added patches for PRs 2472, 2478, 2481 --------------------------------------------------------------------------------
================================================================================ vala-0.40.13-1.fc28 (FEDORA-2019-59e549ef81) A modern programming language for GNOME -------------------------------------------------------------------------------- Update Information:
vala 0.40.13 release. For details, see https://mail.gnome.org/archives/ftp- release-list/2019-January/msg00080.html -------------------------------------------------------------------------------- ChangeLog:
* Tue Jan 22 2019 Kalev Lember klember@redhat.com - 0.40.13-1 - Update to 0.40.13 --------------------------------------------------------------------------------
================================================================================ virtualbox-guest-additions-5.2.24-1.fc28 (FEDORA-2019-90d975657d) VirtualBox Guest Additions -------------------------------------------------------------------------------- Update Information:
- Update Virtualbox Guest Additions to 5.2.24, security fix version -------------------------------------------------------------------------------- ChangeLog:
* Tue Jan 22 2019 Hans de Goede hdegoede@redhat.com - 5.2.24-1 - Update Virtualbox Guest Additions to 5.2.24, security fix version -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1668440 - virtualbox-guest-additions 5.2.24 is available https://bugzilla.redhat.com/show_bug.cgi?id=1668440 --------------------------------------------------------------------------------