Fedora Modular 27 compose report: 20171028.n.0 changes
by Fedora Branched Report
OLD: Fedora-Modular-27-20171028.n.0
NEW: Fedora-Modular-27-20171028.n.0
===== SUMMARY =====
Added images: 0
Dropped images: 0
Added packages: 0
Dropped packages: 0
Upgraded packages: 0
Downgraded packages: 0
Size of added packages: 0.00 B
Size of dropped packages: 0.00 B
Size of upgraded packages: 0.00 B
Size of downgraded packages: 0.00 B
Size change of upgraded packages: 0.00 B
Size change of downgraded packages: 0.00 B
===== ADDED IMAGES =====
===== DROPPED IMAGES =====
===== ADDED PACKAGES =====
===== DROPPED PACKAGES =====
===== UPGRADED PACKAGES =====
===== DOWNGRADED PACKAGES =====
2 months, 3 weeks
Re: Criteria / validation proposal: drop Xen
by Adam Williamson
On Thu, 2017-07-06 at 15:13 -0400, Konrad Rzeszutek Wilk wrote:
> On Thu, Jul 06, 2017 at 11:59:01AM -0700, Adam Williamson wrote:
> > Hi, folks! A while ago, Xen virtualization functionality was added to
> > the criteria and the validation test case set, on the understanding
> > that Oracle would provide testing for it (and help fix bugs as they
> > arose).
> >
> > For the last couple of releases we really have not had any such testing
>
> We had been doing the testing, it just that we (or rather me and
> Dariof) seem to get a wind of this at the last minute. Not sure exactly
> how to fix that thought.
Well, I mean, every few *days* a compose gets nominated for validation
testing, and a mail is sent to test-announce. Just check your test-
announce archives for mails with "nominated for testing" in their
subject lines, and you'll see dozens. Is this not sufficient
notification?
> > from Oracle. On that basis, I'm proposing we remove this Final
> > criterion:
>
> s/Oracle/Xen Project/ I believe?
Perhaps, it's just that it always seemed to be you doing the testing,
so they got a bit conflated :)
> > "The release must boot successfully as Xen DomU with releases providing
> > a functional, supported Xen Dom0 and widely used cloud providers
> > utilizing Xen."
> >
> > and change the 'milestone' for the test case -
> > https://fedoraproject.org/wiki/QA:Testcase_Boot_Methods_Xen_Para_Virt -
> > from Final to Optional.
> >
> > Thoughts? Comments? Thanks!
>
> I would prefer for it to remain as it is.
This is only practical if it's going to be tested, and tested regularly
- not *only* on the final release candidate, right before we sign off
on the release. It needs to be tested regularly throughout the release
cycle, on the composes that are "nominated for testing".
Thanks!
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
1 year, 9 months
Blocking criteria proposal for F30+: Printing
by Stephen Gallagher
There was a bug[1] filed recently that indicated that printing was
broken on certain printers. As a result of that discussion, it became
apparent that there was no criteria for printing to work at all, which
seems like an oversight.
I discussed this briefly with Matthias Clasen this morning and he
agreed that this should be treated as blocking for Workstation.
I'd like to propose that we add the following criteria to Beta for Fedora 30+:
* Printing must work on at least one printer available to Fedora QA.
"Work" is defined as the output from the device matching a preview
shown on the GNOME print preview display. (Note that differences in
color reproduction are not considered "non-working".)
and this to Final for Fedora 30+:
* Printing must work on at least one printer using each of the
following drivers:
(I don't know which ones to specify here, but we ought to try to
figure out a cross-section that covers a large swath of our expected
user base).
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1628255
1 year, 9 months
Proposal to modify release criteria for fwraid
by Stephen Gallagher
At yesterday's F29 Go/No-Go meeting, we discussed the blocker status
of BZ #1628192 - Fedora 29 installation cannot see a firmware RAID
device. While the blocker criteria clearly states that this should be
a blocker for Beta, many of the people present at the meeting
disagreed, for a variety of reasons.
* Hardware supporting fwraid is considerably less pervasive than it
was when the criterion was written
* Testing this criterion can only be done with install media, which
limits our testing pool to the very dedicated members of Fedora QA.
Yes, anyone *can* download a nightly compose and try it, but in
practice this tends to be limited to the core testers. The majority of
testing that this feature will get will tend to happen as people try
out the Beta release.
To that end, I'd like to propose that we make the following change to
the criteria going forward:
"The blocking criterion for successful installation atop a firmware
RAID array is moved to the GA release criteria."
2 years, 2 months
Nvidia and Fedora current state
by Michael Schwendt
What's the current state of Fedora with regard to Nvidia graphics hardware?
Should it just work?
On a machine with GeForce GTX 1060, Fedora 28 suffers badly from freezes and
slowdowns during boot, unbearable slow mouse movement on the GDM login
screen, then more freezes before GNOME Shell appears but isn't really
usable because everything is slow as a snail. Switching the login settings
from Wayland to Xorg at least results in a usable GNOME Shell. Installing
the Nvidia driver packages from rpmfusion hasn't made a difference.
The current Fedora 29 Live Workstation image starts, but faces mysterious
freezes before the desktop appears. Installation to harddisk has worked, but
I've run into a series of unrelated issues, and the performance of GNOME Shell
isn't pretty. It takes too long to start a terminal, or suddenly the shell
freezes for 10-15 seconds and restarts.
2 years, 2 months
Test Results:Fedora 29 RC 1.2 Desktop
by pmkellly@frontier.com
In regard to the test results page and the specified order of testing:
Following up on a comment I made on a message earlier today concerning
if the updates-testing repo should be enabled for Anaconda installs and
the impression I am under that we want to do testing on each drop
according to this matrix before any updates are applied I edited the
subject page to move the Updates Graphical test to be the last test in
the Beta sequence.
I searched for the source of the matrix, but could not find it. Then I
considered that that each matrix may be made by editing the last one.
That's why I edited this page at least to get the suggestion going.
I would further suggest that we add a command line DNF test at the end
of the final sequence, but I did not add such a test to the page.
Awaiting your feedback.
Have a Great Day!
Pat (tablepc)
2 years, 2 months
fc29 + nvidia + xorg
by Julen Landa Alustiza
Hi, I'm suffering a very strange behaviour on my wks and I would like to
know if it's a general issue or just my setup before going further.
I upgraded an fc28 wks to fc29 yesterday. fc28 was almost a default wks +
nvidia drivers, I don't have more extra repos nor too much extra packages.
It had uncommented the waylandEnabled=false line on /etc/gdm/custom.conf
After upgrading first boot went on and it worked properly. I rebooted the
machine and ended with a stucked gdm after login in with my standard user.
It looked like being to trying to go with wayland on nvidia, so I rebooted
the machine to init 3 to fix the problem.
First weird situation: I found /etc/gdm/custom.conf with
waylandEnabled=true. wtf, i swear I did 't change it. I fixed the line and
exec init 5 as root. gdm goes properly to xorg and I continued working.
Second reboot, and same gdm stucking issue. This time /etc/gdm/custom.conf
continues with false for waylandEnabled. there is nothing strange on
/run/gdm/custom.conf either.
Ok, I went init 3 again. sudo init 5 just after login on text console ends
with a working gdm. going to runlevel 5 directly ends on gdm stucked after
login.
I haven't have time to look further and I won't touch that box again until
monday
Is someone else having this kind of issues with default workstatin install
+ nvidia or it's just my box?
It's a ryzen with a nvidia 1060.
Regards,
2 years, 2 months
Fedora 27 updates-testing report
by updates@fedoraproject.org
The following Fedora 27 Security updates need testing:
Age URL
257 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3 bro-2.5.3-1.fc27
189 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8dc6395408 dpdk-17.08.2-1.fc27
152 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3b33f65b01 nodejs-brace-expansion-1.1.11-1.fc27
143 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a748acc219 unrtf-0.21.9-8.fc27
120 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f6ccdeb750 mailman-2.1.21-9.fc27
120 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc864bb9e1 openslp-2.0.0-15.fc27
77 https://bodhi.fedoraproject.org/updates/FEDORA-2018-21ffebf41c tomcat-8.0.53-1.fc27
77 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e8533a3ef1 unixODBC-2.3.7-1.fc27
27 https://bodhi.fedoraproject.org/updates/FEDORA-2018-fc2ba807a6 xerces-c27-2.7.0-28.fc27
22 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3e010c6501 chromium-69.0.3497.100-1.fc27
15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-28ea2290ad python33-3.3.7-3.fc27
8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2c9120d494 rpm-4.14.2.1-1.fc27
5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f20a0cead5 xen-4.9.3-2.fc27
5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d527206a77 roundcubemail-1.3.8-1.fc27
3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-56ec0ccd82 feh-2.28-1.fc27
The following Fedora 27 Critical Path updates have yet to be approved:
Age URL
173 https://bodhi.fedoraproject.org/updates/FEDORA-2018-25d5c86330 libidn-1.34-2.fc27 mcabber-1.1.0-1.fc27.1 pidgin-2.13.0-1.fc27.1 python-slixmpp-1.3.0-5.fc27.1
133 https://bodhi.fedoraproject.org/updates/FEDORA-2018-200dba6b93 upower-0.99.8-1.fc27
97 https://bodhi.fedoraproject.org/updates/FEDORA-2018-05a68ea22e geoclue2-2.4.11-1.fc27
77 https://bodhi.fedoraproject.org/updates/FEDORA-2018-20c3deae24 iproute-4.17.0-1.fc27
18 https://bodhi.fedoraproject.org/updates/FEDORA-2018-5a93cc4270 gnome-software-3.28.2-4.fc27
8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2c9120d494 rpm-4.14.2.1-1.fc27
5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f20a0cead5 xen-4.9.3-2.fc27
4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-845c2b9bc6 highlight-3.47-1.fc27
The following builds have been pushed to Fedora 27 updates-testing
NetworkManager-1.8.8-2.fc27
cabextract-1.8-1.fc27
drupal7-7.60-2.fc27
dwgrep-0.4-1.fc27
et-5.1.8-1.fc27
ghostwriter-1.7.3-1.fc27
grass-7.4.2-1.fc27
ipmctl-01.00.00.3344-1.fc27
java-1.8.0-openjdk-aarch32-1.8.0.191.181022-1.fc27
jglobus-2.1.0-11.fc27
libabigail-1.5-1.fc27
libgit2-0.26.8-1.fc27
libmspack-0.8-0.1.alpha.fc27
libssh-0.7.7-1.fc27
libtaskotron-0.9.1-1.fc27
lldpad-1.0.1-9.git036e314.fc27
lollypop-0.9.610-1.fc27
mkvtoolnix-28.2.0-1.fc27
perl-CPAN-Perl-Releases-3.80-1.fc27
perl-DateTime-TimeZone-2.21-1.fc27
perl-IRI-0.009-1.fc27
php-Smarty2-2.6.31-2.fc27
php-pear-CAS-1.3.6-1.fc27
php-pecl-psr-0.5.1-1.fc27
php-samyoul-u2f-php-server-1.1.4-1.fc27
pungi-4.1.30-1.fc27
python-requests-2.20.0-1.fc27
qt-virt-manager-0.70.91-1.fc27
uronode-2.9-4.fc27
wingpanel-indicator-notifications-2.1.2-1.fc27
Details about builds:
================================================================================
NetworkManager-1.8.8-2.fc27 (FEDORA-2018-fc3018b1bd)
Network connection manager and user applications
--------------------------------------------------------------------------------
Update Information:
dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin
(CVE-2018-15688)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 29 2018 Thomas Haller <thaller(a)redhat.com> - 1:1.8.8-2
- dhcp: fix out-of-bounds heap write for DHCPv6 with internal plugin (CVE-2018-15688)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1639067 - CVE-2018-15688 systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling
https://bugzilla.redhat.com/show_bug.cgi?id=1639067
--------------------------------------------------------------------------------
================================================================================
cabextract-1.8-1.fc27 (FEDORA-2018-c73d257297)
Utility for extracting cabinet (.cab) archives
--------------------------------------------------------------------------------
Update Information:
Latest stable releases of libmspack and cabextract, includes security fixes for
CVE-2018-14680, CVE-2018-14681, CVE-2018-14682, CVE-2018-18584, CVE-2018-18585
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 30 2018 Rex Dieter <rdieter(a)fedoraproject.org> - 1.8-1
- 1.8
* Wed Jul 25 2018 Rex Dieter <rdieter(a)fedoraproject.org> - 1.7-1
- 1.7 (#1186186)
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1610941 - CVE-2018-14682 libmspack: off-by-one error in the TOLOWER() macro for CHM decompression
https://bugzilla.redhat.com/show_bug.cgi?id=1610941
[ 2 ] Bug #1610896 - CVE-2018-14681 libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c
https://bugzilla.redhat.com/show_bug.cgi?id=1610896
[ 3 ] Bug #1610934 - CVE-2018-14680 libmspack: off-by-one error in the CHM chunk number validity checks
https://bugzilla.redhat.com/show_bug.cgi?id=1610934
[ 4 ] Bug #1644215 - CVE-2018-18585 libmspack: NULL pointer dereference in chmd_read_headers in mspack/chmd.c
https://bugzilla.redhat.com/show_bug.cgi?id=1644215
[ 5 ] Bug #1644214 - CVE-2018-18584 libmspack: Out-of-bounds write in mspack/cab.h
https://bugzilla.redhat.com/show_bug.cgi?id=1644214
--------------------------------------------------------------------------------
================================================================================
drupal7-7.60-2.fc27 (FEDORA-2018-4c0b99a9eb)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
* https://www.drupal.org/project/drupal/releases/7.60 * [SA-
CORE-2018-006](https://www.drupal.org/SA-CORE-2018-006)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 28 2018 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 7.60-2
- Explicit python dependencies
- Explicit python2 except el5
- See https://koji.fedoraproject.org/koji/buildinfo?buildID=1156502
* Sat Oct 27 2018 Shawn Iwinski <shawn.iwinski(a)gmail.com> - 7.60-1
- Update to 7.60 (RHBZ #1643121 / RHBZ #1643122 / RHBZ #1643124 / SA-CORE-2018-006)
- Remove patch drupal-7.14-CVE-2012-2922 (see https://groups.drupal.org/node/230373)
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.59-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1643121 - drupal: Multiple Vulnerabilities - SA-CORE-2018-006
https://bugzilla.redhat.com/show_bug.cgi?id=1643121
--------------------------------------------------------------------------------
================================================================================
dwgrep-0.4-1.fc27 (FEDORA-2018-a8cf7e71fe)
A tool for querying Dwarf (debuginfo) graphs
--------------------------------------------------------------------------------
Update Information:
- Rebase to 0.4 (https://github.com/pmachata/dwgrep/releases/tag/0.4)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 28 2018 Petr Machata <pmachata(a)gmail.com> - 0.4-1
- Rebase to 0.4
--------------------------------------------------------------------------------
================================================================================
et-5.1.8-1.fc27 (FEDORA-2018-9803c36bdb)
Remote shell that survives IP roaming and disconnect
--------------------------------------------------------------------------------
Update Information:
Fix crash when two clients join the same server simultaneously
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 29 2018 Michel Alexandre Salim <salimma(a)fedoraproject.org> - 5.1.8-1
- https://github.com/MisterTea/EternalTerminal/releases/tag/et-v5.1.8
--------------------------------------------------------------------------------
================================================================================
ghostwriter-1.7.3-1.fc27 (FEDORA-2018-f9c6871840)
Cross-platform, aesthetic, distraction-free Markdown editor
--------------------------------------------------------------------------------
Update Information:
Initial release.
--------------------------------------------------------------------------------
================================================================================
grass-7.4.2-1.fc27 (FEDORA-2018-9b69c5d131)
GRASS GIS - Geographic Resources Analysis Support System
--------------------------------------------------------------------------------
Update Information:
new upstream version GRASS GIS 7.4.2
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 28 2018 Markus Neteler <neteler(a)mundialis.de> - 7.4.2-0
- new upstream version 7.4.2
* Sun Sep 9 2018 Pavel Raiskup <praiskup(a)redhat.com> - 7.4.1-8
- Clean up of PostgreSQL support (PR#4)
* Tue Jul 31 2018 Florian Weimer <fweimer(a)redhat.com> - 7.4.1-7
- Rebuild with fixed binutils
* Sun Jul 29 2018 Markus Neteler <neteler(a)mundialis.de> - 7.4.1-6
- added BuildRequires gcc-c++ to address RHBZ #1604262 due to RHBZ #1551327 (removing gcc and gcc-c++ from default buildroot)
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.4.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sun Jul 8 2018 Markus Neteler <neteler(a)mundialis.de> - 7.4.1-4
- fix Python macro to explicitely use Python 2 interpreter
* Sat Jul 7 2018 Scott Talbert <swt(a)techie.net> - 7.4.1-3
- Update BRs: remove wxGTK-devel and add cairo-devel
* Sat Jun 23 2018 Markus Neteler <neteler(a)mundialis.de> - 7.4.1-2
- fix wxPython package dependency name for CentOS7
* Tue Jun 12 2018 Markus Neteler <neteler(a)mundialis.de> - 7.4.1-1
- new upstream version 7.4.1
- do not fail on EPEL6 with appstream-util
--------------------------------------------------------------------------------
================================================================================
ipmctl-01.00.00.3344-1.fc27 (FEDORA-2018-4bc6bc0654)
Utility for managing Intel Optane DC persistent memory modules
--------------------------------------------------------------------------------
Update Information:
Release v01.00.00.3344
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 30 2018 Juston Li <juston.li(a)intel.com> - 01.00.00.3344-1
- Release 01.00.00.3279
- logrotate and python spec patches removed, in upstream
--------------------------------------------------------------------------------
================================================================================
java-1.8.0-openjdk-aarch32-1.8.0.191.181022-1.fc27 (FEDORA-2018-cca64e06ba)
OpenJDK Runtime Environment in a preview of the OpenJDK AArch32 project
--------------------------------------------------------------------------------
Update Information:
8u191 update
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 30 2018 Alex Kashchenko <akashche(a)redhat.com> - 1:1.8.0.191-1.181022
- update sources to 8u191
- sync with mainline package
--------------------------------------------------------------------------------
================================================================================
jglobus-2.1.0-11.fc27 (FEDORA-2018-6595344cfd)
Globus Java client libraries
--------------------------------------------------------------------------------
Update Information:
Apply patches from OSG/WLCG.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 30 2018 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 2.1.0-11
- Apply patches from OSG/WLCG
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.1.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed May 2 2018 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 2.1.0-9
- Disble axis and tomcat modules for Fedora >= 28 (missing dependencies)
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.1.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
libabigail-1.5-1.fc27 (FEDORA-2018-2d27f4d2dd)
Set of ABI analysis tools
--------------------------------------------------------------------------------
Update Information:
Update to upstream 1.5 tarball
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 25 2018 Dodji Seketeli <dodji(a)seketeli.org> - 1.5-1
- Update to upstream 1.5 tarball
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1638554 - abipkgdiff: abg-comp-filter.cc:902: bool abigail::comparison::filtering::is_mostly_distinct_diff(const abigail::comparison::diff*): Assertion `td' failed.
https://bugzilla.redhat.com/show_bug.cgi?id=1638554
--------------------------------------------------------------------------------
================================================================================
libgit2-0.26.8-1.fc27 (FEDORA-2018-3448c8aec1)
C implementation of the Git core methods as a library with a solid API
--------------------------------------------------------------------------------
Update Information:
Update to 0.26.8
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 26 2018 Pete Walter <pwalter(a)fedoraproject.org> - 0.26.8-1
- Update to 0.26.8
- Update upstream URL
--------------------------------------------------------------------------------
================================================================================
libmspack-0.8-0.1.alpha.fc27 (FEDORA-2018-c73d257297)
Library for CAB and related files compression and decompression
--------------------------------------------------------------------------------
Update Information:
Latest stable releases of libmspack and cabextract, includes security fixes for
CVE-2018-14680, CVE-2018-14681, CVE-2018-14682, CVE-2018-18584, CVE-2018-18585
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 30 2018 Rex Dieter <rdieter(a)fedoraproject.org> - 0.8-0.1.alpha
- 0.8alpha
- use %make_build %make_install %ldconfig_scriptlets %license
- devel: use %{?_isa} to tighten dep on main pkg
- drop deprecated Group: tag
- %files: tighten to include library soname
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1610941 - CVE-2018-14682 libmspack: off-by-one error in the TOLOWER() macro for CHM decompression
https://bugzilla.redhat.com/show_bug.cgi?id=1610941
[ 2 ] Bug #1610896 - CVE-2018-14681 libmspack: out-of-bounds write in kwajd_read_headers in mspack/kwajd.c
https://bugzilla.redhat.com/show_bug.cgi?id=1610896
[ 3 ] Bug #1610934 - CVE-2018-14680 libmspack: off-by-one error in the CHM chunk number validity checks
https://bugzilla.redhat.com/show_bug.cgi?id=1610934
[ 4 ] Bug #1644215 - CVE-2018-18585 libmspack: NULL pointer dereference in chmd_read_headers in mspack/chmd.c
https://bugzilla.redhat.com/show_bug.cgi?id=1644215
[ 5 ] Bug #1644214 - CVE-2018-18584 libmspack: Out-of-bounds write in mspack/cab.h
https://bugzilla.redhat.com/show_bug.cgi?id=1644214
--------------------------------------------------------------------------------
================================================================================
libssh-0.7.7-1.fc27 (FEDORA-2018-6d5b4aca58)
A library implementing the SSH protocol
--------------------------------------------------------------------------------
Update Information:
Update to version 0.7.7
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 29 2018 Andreas Schneider <asn(a)redhat.com> - 0.7.7-1
- Update to version 0.7.7
https://www.libssh.org/2018/10/29/libssh-0-8-5-and-libssh-0-7-7/
--------------------------------------------------------------------------------
================================================================================
libtaskotron-0.9.1-1.fc27 (FEDORA-2018-b24b0d429b)
Taskotron Support Library
--------------------------------------------------------------------------------
Update Information:
Update for Fedora 29 GA
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 30 2018 Frantisek Zatloukal <fzatlouk(a)redhat.com> - 0.9.1-1
- Fedora 29 GA
--------------------------------------------------------------------------------
================================================================================
lldpad-1.0.1-9.git036e314.fc27 (FEDORA-2018-e9d1ec6dbc)
Intel LLDP Agent
--------------------------------------------------------------------------------
Update Information:
- Add upstream fix for improper sanitization of shell-escape codes when lldptool
parses a mngAddr TLV (CVE-2018-10932). - Add upstream patch to support DSCP
selectors in APP TLVs. This allows configuration of DSCP-based packet
prioritization on capable network devices.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 16 2018 Petr Machata <pmachata(a)gmail.com> - 1.0.1-9.git036e314
- Add open-lldp-v1.0.1-29-basman_clif-print-the-OID-properly.patch (BZ 1614932,
1614896 (CVE-2018-10932)
- Add open-lldp-v1.0.1-28-support-DSCP-selectors.patch (BZ 1618377)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1614896 - CVE-2018-10932 lldptool: improper sanitization of shell-escape codes
https://bugzilla.redhat.com/show_bug.cgi?id=1614896
--------------------------------------------------------------------------------
================================================================================
lollypop-0.9.610-1.fc27 (FEDORA-2018-b17408dc41)
Music player for GNOME
--------------------------------------------------------------------------------
Update Information:
Update to 0.9.610 ---- Update to 0.9.609 ---- Update to 0.9.608 ----
Update to 0.9.607 ---- Update to 0.9.605
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 29 2018 Martin Gansser <martinkg(a)fedoraproject.org> - 0.9.610-1
- Update to 0.9.610
* Thu Oct 25 2018 Martin Gansser <martinkg(a)fedoraproject.org> - 0.9.609-1
- Update to 0.9.609
* Thu Oct 25 2018 Martin Gansser <martinkg(a)fedoraproject.org> - 0.9.608-1
- Update to 0.9.608
* Mon Oct 22 2018 Martin Gansser <martinkg(a)fedoraproject.org> - 0.9.607-1
- Update to 0.9.607
* Fri Oct 19 2018 Martin Gansser <martinkg(a)fedoraproject.org> - 0.9.605-1
- Update to 0.9.605
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1641370 - [abrt] lollypop: _on_populated(): view.py:272:_on_populated:AttributeError: 'RadioWidget' object has no attribute 'is_populated'
https://bugzilla.redhat.com/show_bug.cgi?id=1641370
--------------------------------------------------------------------------------
================================================================================
mkvtoolnix-28.2.0-1.fc27 (FEDORA-2018-8587111c5a)
Matroska container manipulation utilities
--------------------------------------------------------------------------------
Update Information:
# Version 28.2.0 "The Awakening" 2018-10-25 ## Bug fixes * mkvmerge, mkvinfo,
mkvextract, mkvpropedit, MKVToolNix GUI's info tool & chapter editor: fixed a
case of memory being accessed after it had been freed earlier. This can be
triggered by specially crafted Matroska files and lead to arbitrary code
execution. The vulnerability was reported as Cisco TALOS 2018-0694 on
2018-10-25. # Version 28.1.0 "Morning Child" 2018-10-23 ## Bug fixes *
mkvmerge: AV1 parser: fixed an error in the sequence header parser if neither
the `reduced_still_picture_header` nor the `frame_id_numbers_present_flag` is
set. Part of the fix for #2410. * mkvmerge: AV1 parser: when creating the `av1C`
structure for the Codec Private element the sequence header OBU wasn't copied
completely: its common data (type field & OBU size among others) was missing.
Part of the fix for #2410. * mkvmerge: Matroska reader, AV1: mkvmerge will try
to re-create the `av1C` data stored in Codec Private when reading AV1 from
Matroska or WebM files created by mkvmerge v28.0.0. Part of the fix for #2410. *
MKVToolNix GUI: info tool: the tool will no longer stop scanning elements when
an EBML Void element is found after the first Cluster element. Fixes #2413. #
Version 28.0.0 "Voice In My Head" 2018-10-20 ## New features and enhancements
* mkvmerge: AV1 parser: updated the code for the finalized AV1 bitstream
specification. Part of the implementation of #2261. * mkvmerge: AV1 packetizer:
updated the code for the finalized AV1-in-Matroska & WebM mapping specification.
Part of the implementation of #2261. * mkvmerge: AV1 support: the `--engage
enable_av1` option has been removed again. Part of the implementation of #2261.
* mkvmerge: MP4 reader: added support for AV1. Part of the implementation of
#2261. * mkvmerge: DTS: implemented dialog normalization gain removal for
extension substreams. Implements #2377. * mkvmerge, mkvextract: simple text
subtitles: added a workaround for simple text subtitle tracks that don't contain
a duration. Implements #2397. * mkvextract: added support for extracting AV1 to
IVF. Part of the implementation of #2261. * mkvextract: IVF extractor (AV1, VP8,
VP9): precise values will be used for the frame rate numerator & denominator
header fields for certain well-known values of the track's default duration. *
mkvmerge: VP9: mkvmerge will now create codec private data according to the VP9
codec mapping described in the WebM specifications. Implements #2379. *
MKVToolNix GUI: automatic scaling for high DPI displays is activated if the GUI
is compiled with Qt ��� 5.6.0. Fixes #1996 and #2383. * MKVToolNix GUI: added a
menu item ("Help" ��� "System information") for displaying information about the
system MKVToolNix is running on in order to make debugging easier. * MKVToolNix
GUI: multiplexer, header editor: the user can enter a list of predefined track
names in the preferences. She can later select from them in "track name" combo
box. Implements #2230. ## Bug fixes * mkvmerge: JSON identification: fixed a
bug when removing invalid UTF-8 data from strings before they're output as JSON.
Fixes #2398. * mkvmerge: MP4/QuickTime reader: fixed handling of PCM audio with
FourCC `in24`. Fixes #2391. * mkvmerge: MPEG transport stream reader, teletext
subtitles: the decision whether or not to keep frames around in order to
potentially merge them with the following frame is made sooner. That avoids
problems if there are large gaps between teletext subtitle frames which could
lead to frames being interleaved too late. Fixes #2393. * mkvextract: IVF
extractor (AV1, VP8, VP8): the frame rate header fields weren't clamped to 16
bits properly causing wrong frame rates to be written in certain situations. *
mkvpropedit, MKVToolNix GUI's header editor: fixed file corruption when a one-
byte space must be covered with a new EBML void element but all surrounding
elements have a "size length" field that's eight bytes long already. Fixes
#2406.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 30 2018 Dominik Mierzejewski <rpm(a)greysector.net> - 28.2.0-1
- update to 28.2.0
- fixes CVE-2018-4022 (#1644258)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1644258 - CVE-2018-4022 mkvtoolnix: MKVINFO read_one_element code execution vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1644258
--------------------------------------------------------------------------------
================================================================================
perl-CPAN-Perl-Releases-3.80-1.fc27 (FEDORA-2018-55f26d4c2b)
Mapping Perl releases on CPAN to the location of the tarballs
--------------------------------------------------------------------------------
Update Information:
Updated to the latest version ---- Updated to the latest version
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 29 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 3.80-1
- 3.80 bump
* Tue Oct 23 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 3.78-1
- 3.78 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1643844 - Upgrade perl-CPAN-Perl-Releases to 3.80
https://bugzilla.redhat.com/show_bug.cgi?id=1643844
[ 2 ] Bug #1641955 - Upgrade perl-CPAN-Perl-Releases to 3.78
https://bugzilla.redhat.com/show_bug.cgi?id=1641955
--------------------------------------------------------------------------------
================================================================================
perl-DateTime-TimeZone-2.21-1.fc27 (FEDORA-2018-818e13f8b3)
Time zone object base class and factory
--------------------------------------------------------------------------------
Update Information:
Updated to the latest version ---- Updated to the latest version
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 29 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 2.21-1
- 2.21 bump (2018g Olson database)
* Fri Oct 19 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 2.20-1
- 2.20 bump (2018f Olson database)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1643850 - Upgrade perl-DateTime-TimeZone to 2.21
https://bugzilla.redhat.com/show_bug.cgi?id=1643850
[ 2 ] Bug #1640990 - Upgrade perl-DateTime-TimeZone to 2.20
https://bugzilla.redhat.com/show_bug.cgi?id=1640990
--------------------------------------------------------------------------------
================================================================================
perl-IRI-0.009-1.fc27 (FEDORA-2018-7e3e33171d)
Internationalized Resource Identifiers
--------------------------------------------------------------------------------
Update Information:
This release corrects required minimal Perl version. We deliver it only to
provide up-to-date module version string.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 31 2018 Petr Pisar <ppisar(a)redhat.com> - 0.009-1
- 0.009 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1644619 - Upgrade perl-IRI to 0.009
https://bugzilla.redhat.com/show_bug.cgi?id=1644619
--------------------------------------------------------------------------------
================================================================================
php-Smarty2-2.6.31-2.fc27 (FEDORA-2018-60c74d2b16)
Smarty - the compiling PHP template engine
--------------------------------------------------------------------------------
Update Information:
2017-11-03 * replace functions deprecated in PHP 7.2 2016-09-11 Uwe Tews *
{math} fix parameter checking order to avoid misleading message * {math} replace
wrong versiom 2016-07-19 Uwe Tews * {math} shell injection vulnerability
patch provided by Tim Weber 2015-12-30 Uwe Tews * fixed plugin filepath
cache must not be static, because of possible problem when using multiple
Smarty instances with diffrent plugins_dir settings https://github.com/smarty-
php/smarty/issues/146 2015-06-21 Uwe Tews * PHP7 raises E_DEPRECATED use
__construct for compatibility 2013-09-30 * Fixed old vulnerability bug
https://bugs.gentoo.org/show_bug.cgi?id=356615 2013-07-16 Uwe Tews * Fixed
made Smarty_Compiler.class.php compatible with PHP 5.5
--------------------------------------------------------------------------------
ChangeLog:
* Sat Oct 27 2018 Shawn Iwinski <shawn(a)iwin.ski> - 2.6.31-2
- Add composer provides
* Sat Oct 27 2018 Shawn Iwinski <shawn(a)iwin.ski> - 2.6.31-1
- Update to 2.6.31
- Update license from LGPLv2+ to LGPLv3
- Full spec update
- Remove broken demo files
- Add autoloader
- Move license file from docs directory to shared licenses directory
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.6.27-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.6.27-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
php-pear-CAS-1.3.6-1.fc27 (FEDORA-2018-95695b59c7)
Central Authentication Service client library in php
--------------------------------------------------------------------------------
Update Information:
**Version 1.3.6** **Security Fixes:** * Fix XSS in proxy mode [#271]
(Joachim Fritschi) **Bug Fixes:** * Fix bad condition [#252] (Brice
Vercoustre) * Hash ticket strings to generate valid-length session-ids [#224,
#244, #248] (Adam Franco) * Fix "phpCAS" class capitalization in code [#273,
#277] (phy25) **Improvement:** * Remove fallback for __autoload [#247]
(marinaglancy) * More robust check for Windows OS in File.php [#275]
(xamount) * Fix continue statement within switch/case for php 7.3
compatibility [#278] (stonk7)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 26 2018 Remi Collet <remi(a)remirepo.net> - 1.3.6-1
- update to 1.3.6
- new github and packagist owner
--------------------------------------------------------------------------------
================================================================================
php-pecl-psr-0.5.1-1.fc27 (FEDORA-2018-0016b4e188)
PSR interfaces
--------------------------------------------------------------------------------
Update Information:
**Version 0.5.1** - Fix `Psr\Http\Message\ServerRequestInterface` not actually
extending `Psr\Http\Message\RequestInterface`
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 30 2018 Remi Collet <remi(a)remirepo.net> - 0.5.1-1
- update to 0.5.1
--------------------------------------------------------------------------------
================================================================================
php-samyoul-u2f-php-server-1.1.4-1.fc27 (FEDORA-2018-8e1ed9d0a3)
Server side handling class for FIDO U2F registration and authentication
--------------------------------------------------------------------------------
Update Information:
**Version 1.1.4** * fix issue when there is more than one U2F key registered
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
pungi-4.1.30-1.fc27 (FEDORA-2018-653a7a63f1)
Distribution compose tool
--------------------------------------------------------------------------------
Update Information:
* Fix dependencies in `pungi-legacy` subpackage. * Include fixes for ISOs
containing multiple variants. * Fix issues with hybrid depsolver.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 31 2018 Lubom��r Sedl���� <lsedlar(a)redhat.com> - 4.1.30-1
- gather: Expand wildcards in Pungi (lsedlar)
- repoclosure: Extract logs from hybrid solver (lsedlar)
- gather: Track multilib that doesn't exist (lsedlar)
- Get the NSVC from Koji module CG build metadata (jkaluza)
- extra_iso: Include media.repo and .discinfo (lsedlar)
- hybrid: Don't add debuginfo as langpacks (lsedlar)
- fus: Write solvables to file (lsedlar)
- hybrid: Honor filter_packages (lsedlar)
- Include all test fixtures in source tarball (lsedlar)
- extra-iso: Use correct efiboot.img file (lsedlar)
- extra-iso: Fix treeinfo (lsedlar)
- createiso: Move code for tweaking treeinfo into a function (lsedlar)
- extra-iso: Generate jigdo by default (lsedlar)
* Mon Oct 15 2018 Lubom��r Sedl���� <lsedlar(a)redhat.com> - 4.1.29-3
- Save memory less agressively
* Wed Oct 10 2018 Lubom��r Sedl���� <lsedlar(a)redhat.com> - 4.1.29-2
- Add dependency on xorriso to pungi-legacy
- Bump dependency on python-productmd
* Wed Oct 10 2018 Lubom��r Sedl���� <lsedlar(a)redhat.com> - 4.1.29-1
- hybrid: Only include modules that are not in lookaside (lsedlar)
- Try to be more conservative about memory usage (lsedlar)
- hybrid: Remove modules not listed by fus (lsedlar)
- gather: Make devel modules configurable (lsedlar)
- pkgset: Stop prefilling RPM artifacts (lsedlar)
- gather: Create devel module for each normal module (lsedlar)
- pkgset: Save package set for each module (lsedlar)
- fus: List lookaside repos first (lsedlar)
- gather: Work with repos without location_base (lsedlar)
- Remove extra dependencies (lsedlar)
- Set repodata mtime to SOURCE_DATE_EPOCH (marmarek)
- Make sure .treeinfo file is sorted (marmarek)
- Use constant MBR ID for isohybrid (marmarek)
- Use xorriso instead of genisoimage (marmarek)
- Use $SOURCE_DATE_EPOCH (if set) in discinfo file (marmarek)
- unified_isos: Add extra variants to metadata (lsedlar)
- extra_iso: Add list of variants to metadata (lsedlar)
- linker: Simplify creating pool (lsedlar)
- gather: Hide pid of fus process (lsedlar)
- fus: Strip protocol from repo path (lsedlar)
- Add 'pkgset_koji_builds' option to include extra builds in a compose
(jkaluza)
- ostree: Reduce duplication in tests (lsedlar)
- ostree: Use --touch-if-changed (lsedlar)
- ostree: Fix handler crash without commit ID (lsedlar)
- gather: Filter arches similarly to pkgset (lsedlar)
- Stop shipping and remove RELEASE-NOTES (pbrobinson)
--------------------------------------------------------------------------------
================================================================================
python-requests-2.20.0-1.fc27 (FEDORA-2018-41320b315a)
HTTP library, written in Python, for human beings
--------------------------------------------------------------------------------
Update Information:
- Update to v2.20.0 - Includes fix for CVE-2018-18074
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 29 2018 Jeremy Cline <jeremy(a)jcline.org> - 2.20.0-1
- Update to v2.20.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1643830 - CVE-2018-18074 python-requests: Redirect from HTTPS to HTTP does not remove Authorization header [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1643830
[ 2 ] Bug #1591531 - python-requests-2.19.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1591531
--------------------------------------------------------------------------------
================================================================================
qt-virt-manager-0.70.91-1.fc27 (FEDORA-2018-fbf868c03b)
Qt Virtual Machine Manager
--------------------------------------------------------------------------------
Update Information:
some enhancements;
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 24 2018 Fl@sh <kaperang07(a)gmail.com> - 0.70.91-1
- version updated;
--------------------------------------------------------------------------------
================================================================================
uronode-2.9-4.fc27 (FEDORA-2018-a28a4187c3)
Alternative packet radio system for Linux
--------------------------------------------------------------------------------
Update Information:
This is an update fixing logging of users after clean installation.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 30 2018 Jaroslav ��karvada <jskarvad(a)redhat.com> - 2.9-4
- Create empty database of current users
* Fri Jul 20 2018 Jaroslav ��karvada <jskarvad(a)redhat.com> - 2.9-3
- Fixed FTBFS by adding gcc requirement
Resolves: rhbz#1606621
- Cleaned leftover files
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
wingpanel-indicator-notifications-2.1.2-1.fc27 (FEDORA-2018-3467424b36)
Notifications Indicator for wingpanel
--------------------------------------------------------------------------------
Update Information:
Update to version 2.1.2. Release notes: https://github.com/elementary
/wingpanel-indicator-notifications/releases/tag/2.1.2
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 30 2018 Fabio Valentini <decathorpe(a)gmail.com> - 2.1.2-1
- Update to version 2.1.2.
--------------------------------------------------------------------------------
2 years, 2 months