The following Fedora 29 Security updates need testing: Age URL 33 https://bodhi.fedoraproject.org/updates/FEDORA-2019-49f80a78bc mingw-sqlite-3.26.0.0-1.fc29 13 https://bodhi.fedoraproject.org/updates/FEDORA-2019-fa5843e0e1 asterisk-16.2.1-1.fc29 12 https://bodhi.fedoraproject.org/updates/FEDORA-2019-07e8e806e0 golang-googlecode-net-0-0.49.20190302git16b79f2.fc29 7 https://bodhi.fedoraproject.org/updates/FEDORA-2019-4d83e78ad8 libu2f-host-1.1.8-1.fc29 7 https://bodhi.fedoraproject.org/updates/FEDORA-2019-f528d75a69 python2-django1.11-1.11.20-1.fc29 7 https://bodhi.fedoraproject.org/updates/FEDORA-2019-f781d5c4c6 ntp-4.2.8p13-1.fc29 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-15d57af79a ghostscript-9.26-3.fc29 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-2c020ccbd5 tcpflow-1.5.0-4.fc29 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-615e060d4e libzip-1.5.2-1.fc29 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-bf531902c8 SDL-1.2.15-37.fc29 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e40253f67e tcpreplay-4.3.2-1.fc29 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-bf68d77a2c wordpress-5.1.1-1.fc29 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-a9a37fed18 php-twig2-2.7.2-1.fc29 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-c8712a42dc php-twig-1.38.2-2.fc29 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-64b384de9b openwsman-2.6.5-9.fc29
The following Fedora 29 Critical Path updates have yet to be approved: Age URL 9 https://bodhi.fedoraproject.org/updates/FEDORA-2019-4d2303dc16 pungi-4.1.34-1.fc29 6 https://bodhi.fedoraproject.org/updates/FEDORA-2019-dc12e55a94 gstreamer1-plugins-good-1.14.4-2.fc29 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-9dc9d64b2f python-blivet-3.1.2-3.fc29 3 https://bodhi.fedoraproject.org/updates/FEDORA-2019-940d3922ce koji-1.17.0-5.fc29 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-5329292fc2 fedfind-4.2.2-1.fc29 python-productmd-1.20-1.fc29 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-64b384de9b openwsman-2.6.5-9.fc29 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-a03be2cebe createrepo_c-0.12.2-1.fc29 dnf-4.2.1-1.fc29 dnf-plugins-core-4.0.6-1.fc29 dnf-plugins-extras-4.0.4-1.fc29 libcomps-0.1.11-1.fc29 libdnf-0.28.0-1.fc29 librepo-1.9.5-1.fc29 0 https://bodhi.fedoraproject.org/updates/FEDORA-2019-5c61c9974a libldb-1.4.6-1.fc29 samba-4.9.5-0.fc29
The following builds have been pushed to Fedora 29 updates-testing
PyYAML-5.1-1.fc29 R-mapproj-1.2.6-1.fc29 R-polyclip-1.10.0-1.fc29 R-readxl-1.3.1-1.fc29 WALinuxAgent-2.2.38-1.fc29 blogilo-17.08.3-13.fc29 c-graph-2.0.1-1.fc29 dnscrypt-proxy-2.0.20-1.fc29 fapolicyd-0.8.8-2.fc29 fedora-repos-29-4 golang-github-SAP-go-hdb-0.14.0-1.fc29 golang-github-census-instrumentation-opencensus-proto-0.2.0-1.fc29 golang-github-google-btree-0-0.17.20190314git4030bb1.fc29 golang-github-googleapis-gax-2.0.4-1.fc29 golang-github-openzipkin-zipkin-0.1.6-1.fc29 golang-github-roaringbitmap-roaring-0.4.16-1.fc29 golang-github-ugorji-go-1.1.2-1.fc29 grads-2.0.2-29.fc29 libseccomp-2.4.0-0.fc29 mingw-podofo-0.9.6-8.fc29 mod_http2-1.14.1-1.fc29 monitorix-3.11.0-1.fc29 openqa-4.6-13.20190312gitb3e49dc.fc29 os-autoinst-4.5-15.20190312git1080c39.fc29 packit-0.0.1-1.fc29 php-pecl-redis4-4.3.0-1.fc29 pipenv-2018.11.26-7.fc29 podofo-0.9.6-6.fc29 python-xlsxwriter-1.1.5-1.fc29 ravada-0.3.4-1.fc29 sddm-0.18.0-4.fc29 thunderbird-60.5.3-1.fc29 toolbox-0.0.7-1.fc29
Details about builds:
================================================================================ PyYAML-5.1-1.fc29 (FEDORA-2019-bed9afe622) YAML parser and emitter for Python -------------------------------------------------------------------------------- Update Information:
New upstream release 5.1 (rhbz#1688414) Fixes CVE-2017-18342 (rhbz#1595744) -------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 13 2019 John Eckersberg eck@redhat.com - 5.1-1 - New upstream release 5.1 (rhbz#1688414) - Fixes CVE-2017-18342 (rhbz#1595744) * Fri Mar 8 2019 John Eckersberg eck@redhat.com - 5.1-0.1.b6 - New upstream beta release 5.1b6 (rhbz#1686643) * Thu Feb 28 2019 John Eckersberg eck@redhat.com - 5.1-0.1.b3 - New upstream beta release 5.1b3 (rhbz#1683884) * Mon Feb 25 2019 John Eckersberg eck@redhat.com - 5.1-0.1.b1 - New upstream beta release 5.1b1 (rhbz#1680457) - Typo fix (rhbz#1680463) * Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 4.2-0.2.b4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1688414 - PyYAML-5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1688414 [ 2 ] Bug #1595744 - CVE-2017-18342 PyYAML: yaml.load() API could execute arbitrary code [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1595744 --------------------------------------------------------------------------------
================================================================================ R-mapproj-1.2.6-1.fc29 (FEDORA-2019-4dd9e2bd6c) Map Projections -------------------------------------------------------------------------------- Update Information:
Initial package of mapproj for R -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1687781 - Review Request: R-mapproj - Map Projections https://bugzilla.redhat.com/show_bug.cgi?id=1687781 --------------------------------------------------------------------------------
================================================================================ R-polyclip-1.10.0-1.fc29 (FEDORA-2019-0c22b04939) Polygon Clipping -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 14 2019 Elliott Sales de Andrade quantum.analyst@gmail.com - 1.10.0-1 - Update to latest version * Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 1.9.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1688670 - R-polyclip-1.10-0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1688670 --------------------------------------------------------------------------------
================================================================================ R-readxl-1.3.1-1.fc29 (FEDORA-2019-ab3533586f) Read Excel Files -------------------------------------------------------------------------------- Update Information:
Initial package of readxl for R -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1687216 - Review Request: R-readxl - Read Excel Files https://bugzilla.redhat.com/show_bug.cgi?id=1687216 [ 2 ] Bug #1688557 - R-readxl-1.3.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1688557 --------------------------------------------------------------------------------
================================================================================ WALinuxAgent-2.2.38-1.fc29 (FEDORA-2019-c84f291592) The Microsoft Azure Linux Agent -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2019-0804 -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 14 2019 Vitaly Kuznetsov vkuznets@redhat.com - 2.2.38-1 - Update to 2.2.38 (CVE-2019-0804) * Thu Mar 14 2019 Vitaly Kuznetsov vkuznets@redhat.com - 2.2.37-1 - Update to 2.2.37 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1684181 - CVE-2019-0804 WALinuxAgent: swapfile created with weak permissions https://bugzilla.redhat.com/show_bug.cgi?id=1684181 --------------------------------------------------------------------------------
================================================================================ blogilo-17.08.3-13.fc29 (FEDORA-2019-8dc8b2894b) Blogging Client -------------------------------------------------------------------------------- Update Information:
This update brings back Blogilo, the KDE blog client. Blogilo is no longer part of upstream KDE Applications releases, but this update gets the last release (17.08.3) compiling again. Issues should be reported to https://bugzilla.redhat.com/ (rather than upstream). -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 14 2019 Kevin Kofler Kevin@tigcc.ticalc.org - 17.08.3-13 - Add missing (optional) BuildRequires: libkgapi-devel * Thu Mar 14 2019 Kevin Kofler Kevin@tigcc.ticalc.org - 17.08.3-12 - Bump Release for upgrade path from the Kannolo Copr * Tue Mar 12 2019 Kevin Kofler Kevin@tigcc.ticalc.org - 17.08.3-11 - Remove obsolete ldconfig scriptlets - Add missing Requires: hicolor-icon-theme - Add missing BuildRequires: gcc-c++ and (explicit) BuildRequires: cmake - Remove duplicate mention of the HTML documentation from the file list * Thu Jan 3 2019 Kevin Kofler Kevin@tigcc.ticalc.org - 17.08.3-10 - Bump Release to evade bogus Obsoletes in kf5-kblog - Add upstream patch by dvratil to fix dependencies, from Debian package - Use the _kf5_metainfodir macro instead of hardcoding appdata * Wed Feb 7 2018 Fedora Release Engineering releng@fedoraproject.org - 17.08.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Sun Jan 7 2018 Igor Gnatenko ignatenkobrain@fedoraproject.org - 17.08.3-2 - Remove obsolete scriptlets * Wed Nov 8 2017 Rex Dieter rdieter@fedoraproject.org - 17.08.3-1 - 17.08.3 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1663348 - Review Request: blogilo - Blogging Client https://bugzilla.redhat.com/show_bug.cgi?id=1663348 --------------------------------------------------------------------------------
================================================================================ c-graph-2.0.1-1.fc29 (FEDORA-2019-a150d39b76) Convolution Graph -------------------------------------------------------------------------------- Update Information:
New upstream release. -------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 13 2019 pcpa paulo.cesar.pereira.de.andrade@gmail.com - 2.0.1-1 - New upstream release * Thu Mar 7 2019 Tim Landscheidt tim@tim-landscheidt.de - 2.0-16 - Remove obsolete requirements for %post/%preun scriptlets * Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 2.0-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ dnscrypt-proxy-2.0.20-1.fc29 (FEDORA-2019-34d4bf1f39) A flexible DNS proxy, with support for encrypted DNS protocols -------------------------------------------------------------------------------- Update Information:
Release 2.0.20 -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 14 2019 Robert-Andr�� Mauchin zebob.m@gmail.com - 2.0.20-1 - Release 2.0.20 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1464793 - dnscrypt-proxy-2.0.20 is available https://bugzilla.redhat.com/show_bug.cgi?id=1464793 --------------------------------------------------------------------------------
================================================================================ fapolicyd-0.8.8-2.fc29 (FEDORA-2019-ab798ece78) Application Whitelisting Daemon -------------------------------------------------------------------------------- Update Information:
backport some patches to resolve dac_override for fapolicyd ---- New upstream release -------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 13 2019 Radovan Sroka rsroka@redhat.com - 0.8.8-2 - backport some patches to resolve dac_override for fapolicyd * Mon Mar 11 2019 Radovan Sroka rsroka@redhat.com - 0.8.8-1 - New upstream release - Added new DNF plugin that can update the trust database when rpms are installed - Added support for FAN_OPEN_EXEC_PERM --------------------------------------------------------------------------------
================================================================================ fedora-repos-29-4 (FEDORA-2019-5b1951b701) Fedora package repositories -------------------------------------------------------------------------------- Update Information:
Added f31 archmap to the f28 and f29 fedora-repos packages. -------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 13 2019 Mohan Boddu mboddu@bhujji.com - 29-4 - Adding F31 archmap (BZ #1688460) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1688460 - Fedora 31 keys not added to fedora-gpg-keys properly (breaks upgrade to Rawhide) https://bugzilla.redhat.com/show_bug.cgi?id=1688460 --------------------------------------------------------------------------------
================================================================================ golang-github-SAP-go-hdb-0.14.0-1.fc29 (FEDORA-2019-8b0e6acc92) SAP HANA Database Client for Go (Golang) -------------------------------------------------------------------------------- Update Information:
Release 0.14.0 (#1687170) -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 14 2019 Robert-Andr�� Mauchin zebob.m@gmail.com - 0.14.0-1 - Release 0.14.0 (#1687170) - Re-enable s390x -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1687170 - golang-github-SAP-go-hdb-0.14.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1687170 --------------------------------------------------------------------------------
================================================================================ golang-github-census-instrumentation-opencensus-proto-0.2.0-1.fc29 (FEDORA-2019-dd2bacfb97) Language Independent Interface Types For OpenCensus -------------------------------------------------------------------------------- Update Information:
Release 0.2.0 (#1688080) -------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 13 2019 Robert-Andr�� Mauchin zebob.m@gmail.com - 0.2.0-1 - Release 0.2.0 (#1688080) * Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 0.1.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1688080 - golang-github-census-instrumentation-opencensus-proto-0.2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1688080 --------------------------------------------------------------------------------
================================================================================ golang-github-google-btree-0-0.17.20190314git4030bb1.fc29 (FEDORA-2019-f064ea5219) BTree implementation for Go -------------------------------------------------------------------------------- Update Information:
Bump to commit 4030bb1f1f0c35b30ca7009e9ebd06849dd45306 -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 14 2019 Robert-Andr�� Mauchin zebob.m@gmail.com - 0-0.17.20190314git4030bb1 - Bump to commit 4030bb1f1f0c35b30ca7009e9ebd06849dd45306 * Tue Oct 23 2018 Nicolas Mailhot nim@fedoraproject.org - 0-0.16.git925471a - redhat-rpm-config-123 triggers bugs in gosetup, remove it from Go spec files as it���s just an alias - https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/... --------------------------------------------------------------------------------
================================================================================ golang-github-googleapis-gax-2.0.4-1.fc29 (FEDORA-2019-450142e646) Google API Extensions for Go -------------------------------------------------------------------------------- Update Information:
Release 2.0.4 (#1688895) ---- Unbootstrap ---- Update to release 2.0.3 -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 14 2019 Robert-Andr�� Mauchin zebob.m@gmail.com - 2.0.4-1 - Release 2.0.4 (#1688895) * Sat Mar 9 2019 Robert-Andr�� Mauchin zebob.m@gmail.com - 2.0.3-2 - Unbootstrap * Mon Feb 25 2019 Robert-Andr�� Mauchin zebob.m@gmail.com - 2.0.3-1 - Update to release 2.0.3 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1688895 - golang-github-googleapis-gax-2.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1688895 --------------------------------------------------------------------------------
================================================================================ golang-github-openzipkin-zipkin-0.1.6-1.fc29 (FEDORA-2019-f290d124c6) Zipkin tracer library for go -------------------------------------------------------------------------------- Update Information:
Release 0.1.6 (#1688700) ---- Release 0.1.5 (#1687408) -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 14 2019 Robert-Andr�� Mauchin zebob.m@gmail.com - 0.1.6-1 - Release 0.1.6 (#1688700) * Mon Mar 11 2019 Robert-Andr�� Mauchin zebob.m@gmail.com - 0.1.5-1 - Release 0.1.5 (#1687408) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1688700 - golang-github-openzipkin-zipkin-0.1.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1688700 [ 2 ] Bug #1687408 - golang-github-openzipkin-zipkin-0.1.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1687408 --------------------------------------------------------------------------------
================================================================================ golang-github-roaringbitmap-roaring-0.4.16-1.fc29 (FEDORA-2019-849c1a1074) Go version of the Roaring bitmap data structure -------------------------------------------------------------------------------- Update Information:
First package for Fedora -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1684934 - Review Request: golang-github-roaringbitmap-roaring - Go version of the Roaring bitmap data structure https://bugzilla.redhat.com/show_bug.cgi?id=1684934 --------------------------------------------------------------------------------
================================================================================ golang-github-ugorji-go-1.1.2-1.fc29 (FEDORA-2019-d64d0caab3) Idiomatic codec and rpc lib for msgpack, cbor, json, etc -------------------------------------------------------------------------------- Update Information:
Release 1.1.2 -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 14 2019 Robert-Andr�� Mauchin zebob.m@gmail.com - 1.1.2-1 - Release 1.1.2 * Tue Oct 23 2018 Nicolas Mailhot nim@fedoraproject.org - 0-0.16.20170107gitded73ea - redhat-rpm-config-123 triggers bugs in gosetup, remove it from Go spec files as it���s just an alias - https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/... * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 0-0.15.20170107gitded73ea - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Wed Feb 28 2018 Jan Chaloupka jchaloup@redhat.com - 0-0.14.20170107gitded73ea - Autogenerate some parts using the new macros --------------------------------------------------------------------------------
================================================================================ grads-2.0.2-29.fc29 (FEDORA-2019-c7d588d4b1) Tool for easy acces, manipulation, and visualization of data -------------------------------------------------------------------------------- Update Information:
Fix builds with new g2clib -------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 13 2019 Orion Poplawski orion@nwra.com - 2.0.2-29 - Use proper g2clib name (bugz #1483299) - Use %license * Sun Feb 17 2019 Igor Gnatenko ignatenkobrain@fedoraproject.org - 2.0.2-28 - Rebuild for readline 8.0 * Fri Feb 1 2019 Fedora Release Engineering releng@fedoraproject.org - 2.0.2-27 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 2.0.2-26 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Wed Feb 7 2018 Fedora Release Engineering releng@fedoraproject.org - 2.0.2-25 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1483299 - dependency g2clib has changed name of static library https://bugzilla.redhat.com/show_bug.cgi?id=1483299 --------------------------------------------------------------------------------
================================================================================ libseccomp-2.4.0-0.fc29 (FEDORA-2019-e9dcc7806a) Enhanced seccomp library -------------------------------------------------------------------------------- Update Information:
New upstream version -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 14 2019 Paul Moore paul@paul-moore.com - 2.4.0-0 - New upstream version - Added a hack to workaround test failures (see %check above) * Fri Feb 1 2019 Fedora Release Engineering releng@fedoraproject.org - 2.3.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Wed Nov 7 2018 Paul Moore paul@paul-moore.com - 2.3.3-4 - Remove ldconfig scriptlet, thanks to James Antill (RHBZ #1644074) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1688905 - libseccomp v2.4.0 released https://bugzilla.redhat.com/show_bug.cgi?id=1688905 --------------------------------------------------------------------------------
================================================================================ mingw-podofo-0.9.6-8.fc29 (FEDORA-2019-023ea18e20) MinGW Windows podofo library -------------------------------------------------------------------------------- Update Information:
Backport security fixes: CVE-2019-9199, CVE-2019-9687. -------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 13 2019 Sandro Mani manisandro@gmail.com - 0.9.6-8 - Backport security fixes: CVE-2019-9199, CVE-2019-9687 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1687761 - CVE-2019-9687 podofo: heap-based buffer overflow in function PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp https://bugzilla.redhat.com/show_bug.cgi?id=1687761 [ 2 ] Bug #1683620 - CVE-2019-9199 podofo: Null pointer dereference in function PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp https://bugzilla.redhat.com/show_bug.cgi?id=1683620 --------------------------------------------------------------------------------
================================================================================ mod_http2-1.14.1-1.fc29 (FEDORA-2019-0300c36537) module implementing HTTP/2 for Apache 2 -------------------------------------------------------------------------------- Update Information:
This release adds the `H2Padding` configuration directive and has various bug fixes. -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 14 2019 Joe Orton jorton@redhat.com - 1.14.1-1 - update to 1.14.1 * Tue Mar 5 2019 Joe Orton jorton@redhat.com - 1.14.0-1 - update to 1.14.0 * Tue Feb 26 2019 Joe Orton jorton@redhat.com - 1.13.0-1 - update to 1.13.0 * Fri Feb 1 2019 Fedora Release Engineering releng@fedoraproject.org - 1.12.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Jan 18 2019 Joe Orton jorton@redhat.com - 1.12.1-1 - update to 1.12.1 * Tue Oct 9 2018 Lubos Uhliarik luhliari@redhat.com - 1.11.2-1 - new version 1.11.2 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1668498 - CVE-2018-17189 httpd: mod_http2: DoS via slow, unneeded request bodies [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1668498 --------------------------------------------------------------------------------
================================================================================ monitorix-3.11.0-1.fc29 (FEDORA-2019-853e59beac) A free, open source, lightweight system monitoring tool -------------------------------------------------------------------------------- Update Information:
Monitorix 3.11.0 has been released! Important notice for people that is still using versions 3.10.0 or older: This one fixes a cross-site scripting (XSS) vulnerability that was already announced and fixed in the 3.10.1 version. This new version introduces one new graph: the Ambient Sensors graph. This graph is intended for gathering temperature values from any kind of external sensors. Each defined sensor is associated to a command line that will be executed by Monitorix to get the temperature. It also support alerts to notify when the value is above or below from a defined threshold. Besides the fact that this new version only comes with one new graph, it really includes interesting new features. One of the most important is the new option 'autocheck_responsiveness' (enabled by default), that hopefully should fix those so annoying hangups in the HTTP built-in server. Another interesting change is the new way of how the memory graph will be shown in Linux systems. The value used will be recalculated as used = MemTotal - MemFree - Buffers - Cached - SReclaimable - SUnreclaim which will ensure that Monitorix will be in sync with the Used column in the output of newer free command, and with the -/+ buffers/cache row of the older free command. The ZFS graph has also changed, it now includes more information for each pool defined with the number of operations and the bandwidth used. By popular demand, I've finally included in Multihost mode the ability to show all graphs of a single server and even all graphs from all remote servers. In the later case, you must keep in mind that in order to see all graphs, the remote servers must have the same configuration file than the host from where you are viewing them all. It's important to notice that this new feature has a potential risk if there is defined a considerable amount of remote servers and the user selects the option "All" in the Hostname list and "All graphs" in the Graph list. This is something that may happen now accidentally and the browser may hang for a while due to the huge amount of images to download remotely from different servers. In order to prevent precisely that, this new feature comes with a new option called default_option_when_all that defines which option in the Graph list ('System load" by default) will be selected automatically when the user selects 'All' in the Hostname list. Of course, the user is still able to change it to "All graphs" at any moment, and at his own risk :-). The rest of new features, changes and bugs fixed are, as always, reflected in the Changes file. Please, check the monitorix.conf(5) man page for all the details. NOTICE: The configuration file monitorix.conf has been extended with important changes. All users still using older versions are advised and encouraged to upgrade to this version. Regards. -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 14 2019 Jordi Sanfeliu jordi@fibranet.cat - 3.11.0-1 - Updated to 3.11.0. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1688846 - monitorix-3.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1688846 --------------------------------------------------------------------------------
================================================================================ openqa-4.6-13.20190312gitb3e49dc.fc29 (FEDORA-2019-4dc2bff9c7) OS-level automated testing framework -------------------------------------------------------------------------------- Update Information:
This update provides new git snapshots of openQA and os-autoinst, with various changes and bug fixes. It also includes a patch to address the cancellation of parent and other child jobs when a single child job in a parallel cluster fails. Note it depends on [FEDORA-2019-5ca4b9b5fd](https://bodhi.fedoraproject.org/upda tes/FEDORA-2019-5ca4b9b5fd) and should not go stable until that update is stable. -------------------------------------------------------------------------------- ChangeLog:
* Tue Mar 12 2019 Adam Williamson awilliam@redhat.com - 4.6-13.20190312gitb3e49dc - Update to latest git again - Revise the parallel cancel patch to match current PR state - Drop merged patches * Mon Mar 4 2019 Adam Williamson awilliam@redhat.com - 4.6-12.20190205git2b90641 - Backport fixes for various issues: + Parent and other child jobs being cancelled when a single child fails + Issue with download_asset task retry causing jobs to start prematurely + Retried minion tasks failing due to argument passing error * Wed Feb 6 2019 Adam Williamson awilliam@redhat.com - 4.6-11.20190205git2b90641 - Bump to latest git again - Drop merged patch - Backport PR #1989 to avoid a minion parallel task issue - Try dropping the 'restart on job died' patch to see current effects * Fri Feb 1 2019 Fedora Release Engineering releng@fedoraproject.org - 4.6-10.20190114git5672fc3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ os-autoinst-4.5-15.20190312git1080c39.fc29 (FEDORA-2019-4dc2bff9c7) OS-level test automation -------------------------------------------------------------------------------- Update Information:
This update provides new git snapshots of openQA and os-autoinst, with various changes and bug fixes. It also includes a patch to address the cancellation of parent and other child jobs when a single child job in a parallel cluster fails. Note it depends on [FEDORA-2019-5ca4b9b5fd](https://bodhi.fedoraproject.org/upda tes/FEDORA-2019-5ca4b9b5fd) and should not go stable until that update is stable. -------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 13 2019 Adam Williamson awilliam@redhat.com - 4.5-15.20190312git1080c39 - Bump to latest git again * Wed Feb 6 2019 Adam Williamson awilliam@redhat.com - 4.5-14.20190206git519f2ee - Bump to latest git again * Fri Feb 1 2019 Fedora Release Engineering releng@fedoraproject.org - 4.5-13.20190114gitdfe4780 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ packit-0.0.1-1.fc29 (FEDORA-2019-b4eb969501) A tool for integrating upstream projects with Fedora operating system -------------------------------------------------------------------------------- Update Information:
Initial version: 0.0.1 --------------------------------------------------------------------------------
================================================================================ php-pecl-redis4-4.3.0-1.fc29 (FEDORA-2019-6221055cd7) Extension for communicating with the Redis key-value store -------------------------------------------------------------------------------- Update Information:
**phpredis 4.3.0** This is probably the latest release with PHP 5 suport!!! * Proper persistent connections pooling implementation [a3703820, c76e00fb, 0433dc03, c75b3b93] (Pavlo Yatsukhnenko) * RedisArray auth [b5549cff, 339cfa2b, 6b411aa8] (Pavlo Yatsukhnenko) * Use zend_string for storing key hashing algorithm [8cd165df, 64e6a57f] (Pavlo Yatsukhnenko) * Add ZPOPMAX and ZPOPMIN support [46f03561, f89e941a, 2ec7d91a] (@mbezhanov, Michael Grunder) * Implement GEORADIUS_RO and GEORADIUSBYMEMBER_RO [22d81a94] (Michael Grunder) * Add callback parameter to subscribe/psubscribe arginfo [0653ff31] (Pavlo Yatsukhnenko) * Don't check the number affected keys in PS_UPDATE_TIMESTAMP_FUNC [b00060ce] (Pavlo Yatsukhnenko) * Xgroup updates [15995c06] (Michael Grunder) * RedisCluster auth [c5994f2a] (Pavlo Yatsukhnenko) * Cancel pipeline mode without executing commands [789256d7] (Pavlo Yatsukhnenko) * Use zend_string for pipeline_cmd [e98f5116] (Pavlo Yatsukhnenko) * Different key hashing algorithms from hash extension [850027ff] (Pavlo Yatsukhnenko) * Breaking the lock acquire loop in case of network problems [61889cd7] (@SkydiveMarius) * Implement consistent hashing algorithm for RedisArray [bb32e6f3, 71922bf1] (Pavlo Yatsukhnenko) * Use zend_string for storing RedisArray hosts [602740d3, 3e7e1c83] (Pavlo Yatsukhnenko) * Update lzf_compress to be compatible with PECL lzf extension [b27fd430] (@jrchamp) * Fix RedisCluster keys memory leak [3b56b7db] (Michael Grunder) * Directly use return_value in RedisCluster::keys method [ad10a49e] (Pavlo Yatsukhnenko) * Fix segfault in Redis Cluster with inconsistent configuration [72749916, 6e455e2e] (Pavlo Yatsukhnenko) * Masters info leakfix [91bd7426] (Michael Grunder) * Refactor redis_sock_read_bulk_reply [bc4dbc4b] (Pavlo Yatsukhnenko) * Remove unused parameter lazy_connect from redis_sock_create [c0793e8b] (Pavlo Yatsukhnenko) * Remove useless ZEND_ACC_[C|D]TOR. [bc9b5597] (@twosee) * Documentation improvements (@fanjiapeng, @alexander-schranz, @hmc, Pavlo Yatsukhnenko, Michael Grunder) -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 14 2019 Remi Collet remi@remirepo.net - 4.3.0-1 - update to 4.3.0 (stable) --------------------------------------------------------------------------------
================================================================================ pipenv-2018.11.26-7.fc29 (FEDORA-2019-a5a4db02c4) The higher level Python packaging tool -------------------------------------------------------------------------------- Update Information:
Require which -------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 13 2019 Miro Hron��ok mhroncok@redhat.com - 2018.11.26-7 - Require which (#1688145) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1688145 - Requirement `which` not declared https://bugzilla.redhat.com/show_bug.cgi?id=1688145 --------------------------------------------------------------------------------
================================================================================ podofo-0.9.6-6.fc29 (FEDORA-2019-023ea18e20) Tools and libraries to work with the PDF file format -------------------------------------------------------------------------------- Update Information:
Backport security fixes: CVE-2019-9199, CVE-2019-9687. -------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 13 2019 Sandro Mani manisandro@gmail.com - 0.9.6-6 - Backport security fixes: CVE-2019-9199, CVE-2019-9687 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1687761 - CVE-2019-9687 podofo: heap-based buffer overflow in function PdfString::ConvertUTF16toUTF8 in base/PdfString.cpp https://bugzilla.redhat.com/show_bug.cgi?id=1687761 [ 2 ] Bug #1683620 - CVE-2019-9199 podofo: Null pointer dereference in function PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp https://bugzilla.redhat.com/show_bug.cgi?id=1683620 --------------------------------------------------------------------------------
================================================================================ python-xlsxwriter-1.1.5-1.fc29 (FEDORA-2019-6d585657db) Python module for writing files in the Excel 2007+ XLSX file format -------------------------------------------------------------------------------- Update Information:
Release 1.1.5, initial packaging for Fedora -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1687363 - Review Request: python-xlsxwriter - a Python module for writing files in the Excel 2007+ XLSX file format https://bugzilla.redhat.com/show_bug.cgi?id=1687363 --------------------------------------------------------------------------------
================================================================================ ravada-0.3.4-1.fc29 (FEDORA-2019-b3f8a8e7f7) Remote Virtual Desktops Manager -------------------------------------------------------------------------------- Update Information:
Release 0.3.4 -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 14 2019 Robert-Andr�� Mauchin zebob.m@gmail.com - 0.3.4-1 - Release 0.3.4 --------------------------------------------------------------------------------
================================================================================ sddm-0.18.0-4.fc29 (FEDORA-2019-96c964d319) QML based X11 desktop manager -------------------------------------------------------------------------------- Update Information:
Pull in upstream fix for writing errant files/dirs under $HOME -------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 13 2019 Rex Dieter rdieter@fedoraproject.org - 0.18.0-4 - pull in upstream fix for https://github.com/sddm/sddm/issues/1145 (#1667171) * Sat Feb 2 2019 Fedora Release Engineering releng@fedoraproject.org - 0.18.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Oct 26 2018 Rex Dieter rdieter@fedoraproject.org - 0.18.0-2 - rebuild for f29 background -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1667171 - sddm-helper attempts to create a bizarre folder which gets blocked by SELinux https://bugzilla.redhat.com/show_bug.cgi?id=1667171 --------------------------------------------------------------------------------
================================================================================ thunderbird-60.5.3-1.fc29 (FEDORA-2019-d39d6cbd8d) Mozilla Thunderbird mail/newsgroup client -------------------------------------------------------------------------------- Update Information:
- new upstream version (60.5.3) -------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 6 2019 Martin Stransky stransky@redhat.com - 60.5.3-1 - Update to 60.5.3 * Sat Mar 2 2019 Kalev Lember klember@redhat.com - 60.5.1-3 - Fix hunspell dictionary symlink when built for flatpak * Thu Feb 21 2019 Kalev Lember klember@redhat.com - 60.5.1-2 - Avoid hardcoding /usr in launcher scripts --------------------------------------------------------------------------------
================================================================================ toolbox-0.0.7-1.fc29 (FEDORA-2019-8b8b177139) Unprivileged development environment -------------------------------------------------------------------------------- Update Information:
* Add fedora-toolbox image definition for Fedora 31 * Add flatpak-xdg-utils to Fedoras 29 and 30 * Add manuals * Add rm and rmi commands * Be more informative when creating the working container * Clarify the error message if the toolbox container is not found * Don't create volumes in the image for bind mounts from the host * Fix miscellaneous issues pointed out by https://www.shellcheck.net/ * Give access to /dev/bus for control transfers from USB devices * Give access to removable devices and other temporary mounts * Lots of Bash-isms removed for POSIX correctness * Make the --image flag override the base toolbox image, as documented * Make the spinner more efficient * Restore documentation removed from the base Fedora images -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 14 2019 Debarshi Ray rishi@fedoraproject.org - 0.0.7-1 - Update to 0.0.7 --------------------------------------------------------------------------------