The following Fedora 37 Security updates need testing: Age URL 45 https://bodhi.fedoraproject.org/updates/FEDORA-2023-6bdc769313 cutter-re-2.2.0-1.fc37 rizin-0.5.1-1.fc37 4 https://bodhi.fedoraproject.org/updates/FEDORA-2023-749cb1a0d5 apptainer-1.1.8-1.fc37

The following Fedora 37 Critical Path updates have yet to be approved: Age URL 138 https://bodhi.fedoraproject.org/updates/FEDORA-2022-bf8feea173 lorax-37.10-1.fc37 12 https://bodhi.fedoraproject.org/updates/FEDORA-2023-734593f163 edk2-20230301gitf80f052277c8-3.fc37 10 https://bodhi.fedoraproject.org/updates/FEDORA-2023-b892930b88 mariadb-connector-c-3.3.4-2.fc37 10 https://bodhi.fedoraproject.org/updates/FEDORA-2023-363cf1cea2 cockpit-290-1.fc37 9 https://bodhi.fedoraproject.org/updates/FEDORA-2023-34a075d304 llvm-15.0.7-2.fc37 5 https://bodhi.fedoraproject.org/updates/FEDORA-2023-acfbdb28cd bind-9.18.14-1.fc37 bind-dyndb-ldap-11.10-13.fc37 5 https://bodhi.fedoraproject.org/updates/FEDORA-2023-82734f264d onboard-1.4.1-30.fc37 5 https://bodhi.fedoraproject.org/updates/FEDORA-2023-bb53b89e8a libmediainfo-23.03-2.fc37 libzen-0.4.41-1.fc37 mediainfo-23.03-2.fc37 4 https://bodhi.fedoraproject.org/updates/FEDORA-2023-cd5d0e8f18 nautilus-43.4-1.fc37 4 https://bodhi.fedoraproject.org/updates/FEDORA-2023-a4ed654b20 glibmm2.4-2.66.6-1.fc37 3 https://bodhi.fedoraproject.org/updates/FEDORA-2023-13093d1386 selinux-policy-37.20-1.fc37 3 https://bodhi.fedoraproject.org/updates/FEDORA-2023-a88a701820 gnome-shell-43.5-1.fc37 mutter-43.5-1.fc37 3 https://bodhi.fedoraproject.org/updates/FEDORA-2023-44868fd669 389-ds-base-2.2.7-2.fc37 3 https://bodhi.fedoraproject.org/updates/FEDORA-2023-319b7f56ac xorg-x11-server-1.20.14-23.fc37 3 https://bodhi.fedoraproject.org/updates/FEDORA-2023-e743a79041 perl-5.36.1-493.fc37 polymake-4.9-2.fc37 2 https://bodhi.fedoraproject.org/updates/FEDORA-2023-66697036e9 audit-3.1.1-1.fc37 2 https://bodhi.fedoraproject.org/updates/FEDORA-2023-0db7d5ea15 dracut-059-2.fc37 2 https://bodhi.fedoraproject.org/updates/FEDORA-2023-2d90d74c3a xorg-x11-server-Xwayland-22.1.9-2.fc37 2 https://bodhi.fedoraproject.org/updates/FEDORA-2023-0de6457ef5 abrt-2.16.1-1.fc37 libreport-2.17.9-1.fc37 satyr-0.42-1.fc37 1 https://bodhi.fedoraproject.org/updates/FEDORA-2023-48d1193166 elfutils-0.189-2.fc37 1 https://bodhi.fedoraproject.org/updates/FEDORA-2023-32d08f02af java-17-openjdk-17.0.7.0.7-1.fc37 java-latest-openjdk-20.0.1.0.9-4.rolling.fc37 1 https://bodhi.fedoraproject.org/updates/FEDORA-2023-3d6585a3ab python-dogpile-cache-1.1.8-1.fc37

The following builds have been pushed to Fedora 37 updates-testing

bodhi-client-7.2.0-1.fc37 bodhi-messages-7.2.0-1.fc37 bodhi-server-7.2.0-1.fc37 foot-1.14.0-2.fc37 galera-26.4.14-1.fc37 java-11-openjdk-portable-11.0.19.0.7-2.fc37 jello-1.6.0-1.fc37 libopenmpt-0.6.10-1.fc37 mariadb-10.5.19-2.fc37 perl-User-Identity-1.02-1.fc37 python-formulaic-0.5.2-7.fc37 python-meson-python-0.13.1-3.fc37 python-nose2-0.13.0-1.fc37 rakudo-2023.04-2.fc37 rubygem-redcarpet-3.3.2-26.fc37 rust-anyhow-1.0.71-1.fc37 rust-matrixmultiply-0.3.5-1.fc37 rust-quoted_printable-0.4.8-1.fc37 rust-uuid-1.3.2-1.fc37

Details about builds:

================================================================================ bodhi-client-7.2.0-1.fc37 (FEDORA-2023-0a9bfeb860) Bodhi client -------------------------------------------------------------------------------- Update Information:

Update to 7.2.0 -------------------------------------------------------------------------------- ChangeLog:

* Sun Apr 30 2023 Mattia Verga mattia.verga@proton.me - 7.2.0-1 - Update to 7.2.0 --------------------------------------------------------------------------------

================================================================================ bodhi-messages-7.2.0-1.fc37 (FEDORA-2023-0a9bfeb860) JSON schema for messages sent by Bodhi -------------------------------------------------------------------------------- Update Information:

Update to 7.2.0 -------------------------------------------------------------------------------- ChangeLog:

* Sun Apr 30 2023 Mattia Verga mattia.verga@proton.me - 7.2.0-1 - Update to 7.2.0 --------------------------------------------------------------------------------

================================================================================ bodhi-server-7.2.0-1.fc37 (FEDORA-2023-0a9bfeb860) Bodhi server -------------------------------------------------------------------------------- Update Information:

Update to 7.2.0 -------------------------------------------------------------------------------- ChangeLog:

* Sun Apr 30 2023 Mattia Verga mattia.verga@proton.me - 7.2.0-1 - Update to 7.2.0 --------------------------------------------------------------------------------

================================================================================ foot-1.14.0-2.fc37 (FEDORA-2023-962e3da4e4) Fast, lightweight and minimalistic Wayland terminal emulator -------------------------------------------------------------------------------- Update Information:

Use correct dock and window switcher icons in GNOME -------------------------------------------------------------------------------- ChangeLog:

* Sat Apr 29 2023 Aleksei Bavshin alebastr@fedoraproject.org - 1.14.0-2 - Use correct dock and window switcher icons in GNOME -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2188908 - Issue in Gnome app switcher https://bugzilla.redhat.com/show_bug.cgi?id=2188908 --------------------------------------------------------------------------------

================================================================================ galera-26.4.14-1.fc37 (FEDORA-2023-49ceccb273) Synchronous multi-master wsrep provider (replication engine) -------------------------------------------------------------------------------- Update Information:

**MariaDB 10.5.19 & Galera 26.4.14** Release notes: https://mariadb.com/kb/en/mariadb-10-5-19-release-notes/ -------------------------------------------------------------------------------- ChangeLog:

* Sat Apr 29 2023 Michal Schorm mschorm@redhat.com - 26.4.14-1 - Rebase to 26.4.14 * Mon Feb 20 2023 Jonathan Wakely jwakely@redhat.com - 26.4.13-3 - Rebuilt for Boost 1.81 * Thu Jan 19 2023 Fedora Release Engineering releng@fedoraproject.org - 26.4.13-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2177093 - galera-26.4.14 is available https://bugzilla.redhat.com/show_bug.cgi?id=2177093 --------------------------------------------------------------------------------

================================================================================ java-11-openjdk-portable-11.0.19.0.7-2.fc37 (FEDORA-2023-0ab3a5423f) OpenJDK 11 Runtime Environment portable edition -------------------------------------------------------------------------------- Update Information:

Updatings portables to ajva April security update, with few enhancements be properly repacked. -------------------------------------------------------------------------------- ChangeLog:

* Sat Apr 29 2023 Jiri Vanek jvanek@redhat.com - 1:11.0.19.0.7-0.2.ea - removed steps which belongs to integrating rpms or done elsewhere: - - systemtaps, staticlibs, symlinks, icons, desktop files - moved remaning steps to proepr place: - - man pages encoding fix, legal, permissions fix, javadocs * Thu Apr 27 2023 Andrew Hughes gnu.andrew@redhat.com - 1:11.0.19.0.7-0.1.ea - Update to jdk-11.0.19.0+7 - Update release notes to 11.0.19.0+7 - Require tzdata 2023c due to local inclusion of JDK-8274864 & JDK-8305113 - Update generate_tarball.sh to add support for passing a boot JDK to the configure run - Add POSIX-friendly error codes to generate_tarball.sh and fix whitespace - Remove .jcheck and GitHub support when generating tarballs, as done in upstream release tarballs - Rebase FIPS support against 11.0.19+6 - Rebase RH1750419 alt-java patch against 11.0.19+6 - Update TestTranslations.java to test the new America/Ciudad_Juarez zone --------------------------------------------------------------------------------

================================================================================ jello-1.6.0-1.fc37 (FEDORA-2023-a89eeec210) Query JSON at the command line with Python syntax -------------------------------------------------------------------------------- Update Information:

### `jello` 20230423 v1.6.0 - Add the ability to directly use a JSON file or JSON Lines files as data input (`-f`) - Add the ability to load a query from a file (`-q`) - Add the empty data option (`-e`) - Fix user-defined functions in` ~/.jelloconf` initialization file -------------------------------------------------------------------------------- ChangeLog:

* Sun Apr 30 2023 Benjamin A. Beasley code@musicinmybrain.net - 1.6.0-1 - Update to 1.6.0 (close RHBZ#2192142) --------------------------------------------------------------------------------

================================================================================ libopenmpt-0.6.10-1.fc37 (FEDORA-2023-39720f2961) C/C++ library to decode tracker music module (MOD) files -------------------------------------------------------------------------------- Update Information:

Update to 0.6.10 -- https://lib.openmpt.org/libopenmpt/2023/04/15/releases- 0.6.10-0.5.24-0.4.36-0.3.44/ -------------------------------------------------------------------------------- ChangeLog:

* Sun Apr 30 2023 Michael Schwendt mschwendt@fedoraproject.org - 0.6.10-1 - update to 0.6.10 --------------------------------------------------------------------------------

================================================================================ mariadb-10.5.19-2.fc37 (FEDORA-2023-49ceccb273) A very fast and robust SQL database server -------------------------------------------------------------------------------- Update Information:

**MariaDB 10.5.19 & Galera 26.4.14** Release notes: https://mariadb.com/kb/en/mariadb-10-5-19-release-notes/ -------------------------------------------------------------------------------- ChangeLog:

* Fri Apr 28 2023 Siddhesh Poyarekar siddhesh@redhat.com - 3:10.5.19-2 - Use _fortify_level to disable fortification in debug builds. * Fri Apr 28 2023 Michal Schorm mschorm@redhat.com - 3:10.5.19-1 - Rebase to 10.5.19 * Tue Apr 11 2023 Florian Weimer fweimer@redhat.com - 3:10.5.18-3 - Port to C99 * Thu Jan 19 2023 Fedora Release Engineering releng@fedoraproject.org - 3:10.5.18-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2177093 - galera-26.4.14 is available https://bugzilla.redhat.com/show_bug.cgi?id=2177093 --------------------------------------------------------------------------------

================================================================================ perl-User-Identity-1.02-1.fc37 (FEDORA-2023-8fa5e08386) Maintains info about a physical person -------------------------------------------------------------------------------- Update Information:

Update perl-User-Identity to 1.02 (#2187275) -------------------------------------------------------------------------------- ChangeLog:

* Sun Apr 30 2023 S��rgio Basto sergio@serjux.com - 1.02-1 - Update perl-User-Identity to 1.02 (#2187275) * Fri Jan 20 2023 Fedora Release Engineering releng@fedoraproject.org - 1.01-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2187275 - perl-User-Identity-1.02 is available https://bugzilla.redhat.com/show_bug.cgi?id=2187275 --------------------------------------------------------------------------------

================================================================================ python-formulaic-0.5.2-7.fc37 (FEDORA-2023-e8f5d5d013) A high-performance implementation of Wilkinson formulas -------------------------------------------------------------------------------- Update Information:

Confirm License is SPDX MIT; add missing ���arrow��� and ���calculus��� extras metapackages. -------------------------------------------------------------------------------- ChangeLog:

* Sun Apr 30 2023 Benjamin A. Beasley code@musicinmybrain.net - 0.5.2-7 - Drop ���arrow��� extra metapackage on i686 * Sun Apr 30 2023 Benjamin A. Beasley code@musicinmybrain.net - 0.5.2-6 - Confirm License is SPDX MIT * Sun Apr 30 2023 Benjamin A. Beasley code@musicinmybrain.net - 0.5.2-5 - Add missing ���arrow��� and ���calculus��� extras metapackages --------------------------------------------------------------------------------

================================================================================ python-meson-python-0.13.1-3.fc37 (FEDORA-2023-d2a51f2737) Meson Python build backend (PEP 517) -------------------------------------------------------------------------------- Update Information:

Initial package for F37 -------------------------------------------------------------------------------- ChangeLog:

* Sun Apr 30 2023 Benjamin A. Beasley code@musicinmybrain.net - 0.13.1-3 - Depend on the system patchelf - This avoids generating dependencies on python3dist(patchelf). * Sun Apr 30 2023 Benjamin A. Beasley code@musicinmybrain.net - 0.13.1-2 - Let the dist-git branches diverge; drop the spec-file conditionals * Sun Apr 30 2023 Benjamin A. Beasley code@musicinmybrain.net - 0.13.1-1 - Initial package (close RHBZ#2192109) --------------------------------------------------------------------------------

================================================================================ python-nose2-0.13.0-1.fc37 (FEDORA-2023-9ee8973cd2) The successor to nose, based on unittest2 -------------------------------------------------------------------------------- Update Information:

### `nose2` 0.13.0 (2023-04-29) - Remove support for python2 and older python3 versions - Fix support for python3.12 to avoid warnings about `addDuration`. - `nose2` package metadata is converted to pyproject.toml format, using `setuptools`. Building `nose2` packages from source now requires `setuptools>=61.0.0` or a PEP 517 compatible build frontend (e.g. `build`). - `nose2` license metadata has been corrected in format and content to be distributed in the sdist and wheel distributions correctly. -------------------------------------------------------------------------------- ChangeLog:

* Sun Apr 30 2023 Benjamin A. Beasley code@musicinmybrain.net - 0.13.0-1 - Update to 0.13.0 (close RHBZ#2192205) * Sun Apr 30 2023 Benjamin A. Beasley code@musicinmybrain.net - 0.12.0-3 - Don���t assume %_smp_mflags is -j%_smp_build_ncpus * Thu Nov 24 2022 Benjamin A. Beasley code@musicinmybrain.net - 0.12.0-2 - Update License to SPDX --------------------------------------------------------------------------------

================================================================================ rakudo-2023.04-2.fc37 (FEDORA-2023-ac73ee36a2) Raku on MoarVM, JVM, and JS -------------------------------------------------------------------------------- Update Information:

Fix failed tests -------------------------------------------------------------------------------- ChangeLog:

* Sat Apr 29 2023 topazus topazus@outlook.com - 2023.04-2 - Fix failed tests * Fri Apr 28 2023 topazus topazus@outlook.com - 2023.04-1 - Update to 2023.04 --------------------------------------------------------------------------------

================================================================================ rubygem-redcarpet-3.3.2-26.fc37 (FEDORA-2023-8682a0e17d) A fast, safe and extensible Markdown to (X)HTML parser -------------------------------------------------------------------------------- Update Information:

A security flow was found on redcarpet that escaping html was not properly done even if requested on some cases which may cause XSS vulnerability. This issue is now assigned as CVE-2020-26298. This new rpm should fix this issue. -------------------------------------------------------------------------------- ChangeLog:

* Sun Apr 30 2023 Mamoru TASAKA mtasaka@fedoraproject.org - 3.3.2-26 - Bacckport upstream patch for CVE-2020-26298 (bug 1915370) * Fri Jan 20 2023 Fedora Release Engineering releng@fedoraproject.org - 3.3.2-25 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Wed Jan 4 2023 Mamoru TASAKA mtasaka@fedoraproject.org - 3.3.2-24 - Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_3.2 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1915371 - CVE-2020-26298 rubygem-redcarpet: does not escape HTML when processing quotes which could result in XSS vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1915371 --------------------------------------------------------------------------------

================================================================================ rust-anyhow-1.0.71-1.fc37 (FEDORA-2023-73dee7b282) Flexible concrete Error type built on std::error::Error -------------------------------------------------------------------------------- Update Information:

Update to version 1.0.71. -------------------------------------------------------------------------------- ChangeLog:

* Sun Apr 30 2023 Fabio Valentini decathorpe@gmail.com - 1.0.71-1 - Update to version 1.0.71; Fixes RHBZ#2192129 --------------------------------------------------------------------------------

================================================================================ rust-matrixmultiply-0.3.5-1.fc37 (FEDORA-2023-6901453605) General matrix multiplication for f32 and f64 matrices -------------------------------------------------------------------------------- Update Information:

Update to version 0.3.5. -------------------------------------------------------------------------------- ChangeLog:

* Sun Apr 30 2023 Fabio Valentini decathorpe@gmail.com - 0.3.5-1 - Update to version 0.3.5; Fixes RHBZ#2191693 --------------------------------------------------------------------------------

================================================================================ rust-quoted_printable-0.4.8-1.fc37 (FEDORA-2023-63a6c7238e) Simple encoder/decoder for quoted-printable data -------------------------------------------------------------------------------- Update Information:

Update to version 0.4.8. -------------------------------------------------------------------------------- ChangeLog:

* Sun Apr 30 2023 Fabio Valentini decathorpe@gmail.com - 0.4.8-1 - Update to version 0.4.8; Fixes RHBZ#2192096 --------------------------------------------------------------------------------

================================================================================ rust-uuid-1.3.2-1.fc37 (FEDORA-2023-e674fe1b4b) Library to generate and parse UUIDs -------------------------------------------------------------------------------- Update Information:

Update to version 1.3.2. -------------------------------------------------------------------------------- ChangeLog:

* Sun Apr 30 2023 Fabio Valentini decathorpe@gmail.com - 1.3.2-1 - Update to version 1.3.2; Fixes RHBZ#2192075 --------------------------------------------------------------------------------