--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-a325358336
2018-11-28 02:44:22.549747
--------------------------------------------------------------------------------
Name : libxcrypt
Product : Fedora 28
Version : 4.4.0
Release : 2.fc28
URL : https://github.com/besser82/libxcrypt
Summary : Extended crypt library for DES, MD5, Blowfish and others
Description :
libxcrypt is a modern library for one-way hashing of passwords. It
supports a wide variety of both modern and historical hashing methods:
yescrypt, gost-yescrypt, scrypt, bcrypt, sha512crypt, sha256crypt,
md5crypt, SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt, and descrypt.
It provides the traditional Unix crypt and crypt_r interfaces, as well
as a set of extended interfaces pioneered by Openwall Linux, crypt_rn,
crypt_ra, crypt_gensalt, crypt_gensalt_rn, and crypt_gensalt_ra.
libxcrypt is intended to be used by login(1), passwd(1), and other
similar programs; that is, to hash a small number of passwords during
an interactive authentication dialogue with a human. It is not suitable
for use in bulk password-cracking applications, or in any other situation
where speed is more important than careful handling of sensitive data.
However, it is intended to be fast and lightweight enough for use in
servers that must field thousands of login attempts per minute.
--------------------------------------------------------------------------------
Update Information:
- Backport upstream commit to use a safer strcpy for the NT method. - Backport
upstream generating base64 encoded output for NT gensalt. - Backport upstream
commit to require less rbytes for NT gensalt. - Backport upstream commit to test
incremental hmac-sha256 computation.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 26 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.4.0-2
- Backport upstream commit to use a safer strcpy for the NT method
- Backport upstream generating base64 encoded output for NT gensalt
- Backport upstream commit to require less rbytes for NT gensalt
- Backport upstream commit to test incremental hmac-sha256 computation
- Add Recommends: mkpasswd for Fedora >= 30
* Tue Nov 20 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.4.0-1
- New upstream release
* Wed Nov 14 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.3.4-1
- New upstream release
* Wed Nov 14 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.3.3-4
- Bump release for proper obsoletion of former common sub-package
* Wed Nov 14 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.3.3-3
- Add two upstream patches with minor fixes
- Add HMAC checksum file for the static library
- Drop the common sub-package
- Some spec-file optimizations
* Tue Nov 13 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.3.3-2
- Add a patch to define crypt_gensalt_r as macro, so applications
link the identical crypt_gensalt_rn directly
* Sun Nov 11 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.3.3-1
- New upstream release
* Sun Nov 11 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.3.2-1
- New upstream release
* Sun Nov 11 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.3.1-2
- Backport two patches from upstream fixing the gensalt function for
NT to properly terminate its returned output
* Sat Nov 10 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.3.1-1
- New upstream release
* Sat Nov 10 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.3.0-1
- New upstream release
* Fri Oct 26 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.2.3-1
- New upstream release
* Thu Oct 25 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.2.2-2
- Add patch updating to recent development version
- Run valgrind-memcheck
- Use bootstrap script
* Thu Oct 18 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.2.2-1
- New upstream release
* Mon Oct 1 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.2.1-3
- Drop compat-devel package
- Set configure options from globals
* Sun Sep 30 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.2.1-2
- Build out-of-tree
- Split off noarch-bits into common sub-package
- Update %description
- Prepare to remove legacy API from library and to provide a compatibilty
package for the legacy API
* Sat Sep 29 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.2.1-1
- New upstream release
- Add new manpages
* Sat Sep 29 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.2.0-1
- New upstream release
* Fri Aug 24 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.1.2-1
- New upstream release
* Wed Aug 8 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.1.1-4
- Move *.3 manpages to devel subpackage (#1613762)
- Add needed Conflicts: man-pages < 4.15-3
* Wed Aug 8 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.1.1-3
- Make crypt{,_r} return NULL on failure (#1611784)
* Sat Aug 4 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.1.1-2
- Add manpages for crypt{,_r,_ra}.3 (#1610307)
* Wed Aug 1 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.1.1-1
- New upstream release
* Fri Jul 13 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.1.0-1
- New upstream release
* Fri Jul 13 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.0.1-6
- Make testsuite fail on error again
- Update patch0 with more upstream fixes
* Fri Jul 13 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.0.1-5
- Add patch to update to recent development branch
- Re-enable SUNMD5 support as it is BSD licensed now
- Build compatibility symbols for glibc only
- Skip failing testsuite once
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Jun 29 2018 Florian Weimer <fweimer(a)redhat.com> - 4.0.1-3
- Remove CDDL from license list (#1592445)
* Fri Jun 29 2018 Florian Weimer <fweimer(a)redhat.com> - 4.0.1-2
- Remove SUNMD5 support (#1592445)
* Wed May 16 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.0.1-1
- New upstream release
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-a325358336' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-f459aa6445
2018-11-28 02:44:22.549737
--------------------------------------------------------------------------------
Name : python-djangoql
Product : Fedora 28
Version : 0.12.3
Release : 1.fc28
URL : https://github.com/ivelum/djangoql
Summary : DjangoQL: Advanced search language for Django
Description :
Advanced search language for Django, with auto-completion.
Supports logical operators, parenthesis, table joins,
works with any Django models.
--------------------------------------------------------------------------------
Update Information:
New release 0.12.3
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-f459aa6445' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-352a7a9d69
2018-11-28 02:44:22.549727
--------------------------------------------------------------------------------
Name : GraphicsMagick
Product : Fedora 28
Version : 1.3.31
Release : 1.fc28
URL : http://www.graphicsmagick.org/
Summary : An ImageMagick fork, offering faster image generation and better quality
Description :
GraphicsMagick is a comprehensive image processing package which is initially
based on ImageMagick 5.5.2, but which has undergone significant re-work by
the GraphicsMagick Group to significantly improve the quality and performance
of the software.
--------------------------------------------------------------------------------
Update Information:
New upstream release, http://www.graphicsmagick.org/NEWS.html#november-17-2018
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 20 2018 Rex Dieter <rdieter(a)fedoraproject.org> - 1.3.31-1
- GraphicsMasgick-1.3.31
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.30-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sun Jul 1 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.3.30-2
- Perl 5.28 rebuild
* Sun Jul 1 2018 Rex Dieter <rdieter(a)fedoraproject.org> - 1.3.30-1
- GraphicsMagick-1.3.30
* Wed Jun 27 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 1.3.29-2
- Perl 5.28 rebuild
* Wed May 2 2018 Rex Dieter <rdieter(a)fedoraproject.org> - 1.3.29-1
- 1.3.29 (#1574031])
* Wed Mar 7 2018 Rex Dieter <rdieter(a)fedoraproject.org> - 1.3.28-4
- BR: gcc-c++, %make_build %make_install %ldconfig_scriptlets
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-352a7a9d69' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-33c4e589d5
2018-11-28 02:44:22.549718
--------------------------------------------------------------------------------
Name : lazarus
Product : Fedora 28
Version : 1.8.4
Release : 2.fc28
URL : http://www.lazarus-ide.org/
Summary : Lazarus Component Library and IDE for Freepascal
Description :
A free and open-source RAD tool for Free Pascal using the Lazarus
Component Library - LCL, which is also included in this package.
--------------------------------------------------------------------------------
Update Information:
Update to upstream version 1.8.4, add qt5pas package
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 17 2018 Artur Iwicki <fedora(a)svgames.pl> - 1.8.4-2
- Use Lazarus version number to auto-calculate the qt5pas release number
This should prevent build failures in koji due to duplicate qt5pas version-release tags.
* Sat Aug 18 2018 Artur Iwicki <fedora(a)svgames.pl> - 1.8.4-1
- Update to new upstream version
* Tue Aug 7 2018 Artur Iwicki <fedora(a)svgames.pl> - 1.8.2-2
- Add the Qt5pas package (pull request #3)
- Remove the Group: tag (no longer used in Fedora)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1451737 - lazarus-1.8.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1451737
[ 2 ] Bug #1613820 - Lazarus 1.8.4 available
https://bugzilla.redhat.com/show_bug.cgi?id=1613820
[ 3 ] Bug #1650920 - Lazarus build failures
https://bugzilla.redhat.com/show_bug.cgi?id=1650920
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-33c4e589d5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-d716df9942
2018-11-28 02:44:22.549699
--------------------------------------------------------------------------------
Name : rubygem-loofah
Product : Fedora 28
Version : 2.0.3
Release : 6.fc28
URL : https://github.com/flavorjones/loofah
Summary : Manipulate and transform HTML/XML documents and fragments
Description :
Loofah is a general library for manipulating and transforming HTML/XML
documents and fragments. It's built on top of Nokogiri and libxml2, so
it's fast and has a nice API.
Loofah excels at HTML sanitization (XSS prevention). It includes some
nice HTML sanitizers, which are based on HTML5lib's whitelist, so it
most likely won't make your codes less secure.
--------------------------------------------------------------------------------
Update Information:
XXS when a crafted SVG element is republished (CVE-2018-16468).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 13 2018 V��t Ondruch <vondruch(a)redhat.com> - 2.0.3-6
- XXS when a crafted SVG element is republished (CVE-2018-16468).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1646715 - CVE-2018-16468 rubygem-loofah: XXS when a crafted SVG element is republished
https://bugzilla.redhat.com/show_bug.cgi?id=1646715
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-d716df9942' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-02e965a729
2018-11-28 02:44:22.549689
--------------------------------------------------------------------------------
Name : rubygem-rack
Product : Fedora 28
Version : 2.0.4
Release : 4.fc28
URL : http://rack.github.io/
Summary : A modular Ruby webserver interface
Description :
Rack provides a minimal, modular and adaptable interface for developing
web applications in Ruby. By wrapping HTTP requests and responses in
the simplest way possible, it unifies and distills the API for web
servers, web frameworks, and software in between (the so-called
middleware) into a single method call.
--------------------------------------------------------------------------------
Update Information:
* Buffer size in multipart parser allows for denial of service (CVE-2018-16470).
* Cross-site scripting (XSS) via `scheme` method on `Rack::Request`
(CVE-2018-16471).
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 12 2018 V��t Ondruch <vondruch(a)redhat.com> - 1:2.0.4-4
- Buffer size in multipart parser allows for denial of service (CVE-2018-16470).
- Cross-site scripting (XSS) via `scheme` method on `Rack::Request`
(CVE-2018-16471).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1646814 - CVE-2018-16470 rubygem-rack: Buffer size in multipart parser allows for denial of service
https://bugzilla.redhat.com/show_bug.cgi?id=1646814
[ 2 ] Bug #1646818 - CVE-2018-16471 rubygem-rack: Cross-site scripting (XSS) via `scheme` method on `Rack::Request`
https://bugzilla.redhat.com/show_bug.cgi?id=1646818
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-02e965a729' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-89413a04e0
2018-11-28 02:44:22.549679
--------------------------------------------------------------------------------
Name : wireshark
Product : Fedora 28
Version : 2.6.4
Release : 1.fc28
URL : http://www.wireshark.org/
Summary : Network traffic analyzer
Description :
Metapackage with installs wireshark-cli and wireshark-qt.
--------------------------------------------------------------------------------
Update Information:
New version 2.6.4, contains security fix for CVE-2018-16056, CVE-2018-16057,
CVE-2018-16058, CVE-2018-18225, CVE-2018-18226, CVE-2018-18227, CVE-2018-12086.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 12 2018 Michal Ruprich <mruprich(a)redhat.com> - 1:2.6.4-1
- New version 2.6.4
- Contains fixes for CVE-2018-16056, CVE-2018-16057, CVE-2018-16058
* Tue Jul 24 2018 Michal Ruprich <mruprich(a)redhat.com> - 1:2.6.2-1
- New version 2.6.2
- Contains fixes for CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342, CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368, CVE-2018-14369, CVE-2018-14370
* Thu May 24 2018 Michal Ruprich <mruprich(a)redhat.com> - 1:2.6.1-1
- New version 2.6.1
* Tue May 15 2018 Michal Ruprich <mruprich(a)redhat.com> - 1:2.6.0-2
- Fixed undefined reference error in tshark (rhbz#1573906)
- Correcting usage of build flags (rhbz#1548665)
* Fri Apr 27 2018 Michal Ruprich <mruprich(a)redhat.com> - 1:2.6.0-1
- New version 2.6.0
- Removed GeoIP support, libmaxminddb is used instead
- Removed dftest binary
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1625921 - CVE-2018-16058 wireshark: Bluetooth AVDTP dissector crash
https://bugzilla.redhat.com/show_bug.cgi?id=1625921
[ 2 ] Bug #1625922 - CVE-2018-16056 wireshark: Bluetooth Attribute Protocol dissector crash
https://bugzilla.redhat.com/show_bug.cgi?id=1625922
[ 3 ] Bug #1625925 - CVE-2018-16057 wireshark: Radiotap dissector crash
https://bugzilla.redhat.com/show_bug.cgi?id=1625925
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-89413a04e0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-cb3d3795d1
2018-11-28 02:44:22.549668
--------------------------------------------------------------------------------
Name : tex-fonts-hebrew
Product : Fedora 28
Version : 0.1
Release : 29.fc28
URL : http://culmus.sf.net
Summary : Culmus Hebrew fonts support for LaTeX
Description :
Support using the Culmus Hebrew fonts in LaTeX.
--------------------------------------------------------------------------------
Update Information:
the new packages resolves the scriptlet failure
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 8 2018 Than Ngo <than(a)redhat.com> - 0.1-29
- Resolves: #1336452, #1593189, #1631920, #1596118, scriptlet failures
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.1-28
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1631920 - (DNF error in POSTIN scriptlet in rpm package tex-fonts-hebrew
https://bugzilla.redhat.com/show_bug.cgi?id=1631920
[ 2 ] Bug #1596118 - Test Results:Fedora 29 Rawhide 20180623.n.1 Installation :fedora 29 dnf error:Non-fatal postin scriptlet failure in rpm package tex-fonts-hebrew
https://bugzilla.redhat.com/show_bug.cgi?id=1596118
[ 3 ] Bug #1593189 - kickstart quit with "Non-fatal POSTIN scriptlet failure in rpm package tex-fonts-hebrew
https://bugzilla.redhat.com/show_bug.cgi?id=1593189
[ 4 ] Bug #1336452 - error messages during installation (texconfig not found ; follow up error: morisawa.map otf-cktx.map not found)
https://bugzilla.redhat.com/show_bug.cgi?id=1336452
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-cb3d3795d1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-7faacc1b36
2018-11-28 02:44:22.549617
--------------------------------------------------------------------------------
Name : gfal2
Product : Fedora 28
Version : 2.16.1
Release : 1.fc28
URL : http://dmc.web.cern.ch/projects/gfal-2/home
Summary : Grid file access library 2.0
Description :
GFAL 2.0 offers an a single and simple POSIX-like API
for the file operations in grids and cloud environments.
The set of supported protocols depends
of the gfal2 installed plugins.
--------------------------------------------------------------------------------
Update Information:
* new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 1 2018 Andrea Manzi <amanzi at cern.ch> - 2.16.1-1
- Upgraded to upstream release 2.16.1
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.15.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Jul 6 2018 Andrea Manzi <amanzi at cern.ch> - 2.15.5-2
- Upgraded to upstream release 2.15.5-2
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-7faacc1b36' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------