The following Fedora 27 Security updates need testing:
Age URL
285 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3 bro-2.5.3-1.fc27
217 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8dc6395408 dpdk-17.08.2-1.fc27
180 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3b33f65b01 nodejs-brace-expansion-1.1.11-1.fc27
172 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a748acc219 unrtf-0.21.9-8.fc27
148 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f6ccdeb750 mailman-2.1.21-9.fc27
148 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc864bb9e1 openslp-2.0.0-15.fc27
106 https://bodhi.fedoraproject.org/updates/FEDORA-2018-21ffebf41c tomcat-8.0.53-1.fc27
106 https://bodhi.fedoraproject.org/updates/FEDORA-2018-e8533a3ef1 unixODBC-2.3.7-1.fc27
55 https://bodhi.fedoraproject.org/updates/FEDORA-2018-fc2ba807a6 xerces-c27-2.7.0-28.fc27
28 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4c0b99a9eb drupal7-7.60-2.fc27
28 https://bodhi.fedoraproject.org/updates/FEDORA-2018-60c74d2b16 php-Smarty2-2.6.31-2.fc27
15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-0363fec36c chromium-70.0.3538.77-4.fc27
7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c271659b1e nginx-1.14.1-1.fc27
6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4ec3eecd7f moodle-3.3.9-1.fc27
6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-28b19d8c63 tmux-2.8-2.fc27
6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-65848eed6d webkitgtk4-2.22.4-1.fc27
The following Fedora 27 Critical Path updates have yet to be approved:
Age URL
201 https://bodhi.fedoraproject.org/updates/FEDORA-2018-25d5c86330 libidn-1.34-2.fc27 mcabber-1.1.0-1.fc27.1 pidgin-2.13.0-1.fc27.1 python-slixmpp-1.3.0-5.fc27.1
161 https://bodhi.fedoraproject.org/updates/FEDORA-2018-200dba6b93 upower-0.99.8-1.fc27
125 https://bodhi.fedoraproject.org/updates/FEDORA-2018-05a68ea22e geoclue2-2.4.11-1.fc27
105 https://bodhi.fedoraproject.org/updates/FEDORA-2018-20c3deae24 iproute-4.17.0-1.fc27
21 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6c6faa135b selinux-policy-3.13.1-284.38.fc27
8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a864e8515f osinfo-db-20181116-1.fc27
6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-65848eed6d webkitgtk4-2.22.4-1.fc27
4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-692dd693ab thunderbird-60.3.1-1.fc27
The following builds have been pushed to Fedora 27 updates-testing
glibc-2.26-32.fc27
ibus-typing-booster-2.2.1-2.fc27
java-runtime-decompiler-2.0-2.fc27
mysql-connector-java-8.0.13-1.fc27
Details about builds:
================================================================================
glibc-2.26-32.fc27 (FEDORA-2018-f27586cce9)
The GNU libc libraries
--------------------------------------------------------------------------------
Update Information:
This update for the `glibc` package addresses one moderate security
vulnerability and several defects. * CVE-2018-19591: A file descriptor leak in
`if_nametoindex` can lead to a denial of service due to resource exhaustion when
processing `getaddrinfo` calls with crafted host names. Reported by Guido
Vranken. (RHBZ#1654000) * Failure to create the helper thread for
`getaddrinfo_a`/`libanl` could result in a crash. (RHBZ#1646381) * On certain
Haswell-class Intel CPUs, string function feature flags could be set
incorrectly, leading to a suboptimal choice of string functions. (RHBZ#1641980)
* Parallel building of locales led to nondeterminism in the RPM build process.
(RHBZ#1652228) * Various minor bug fixes from the upstream 2.26 release branch
were imported as part of this update
([swbz#17630](https://sourceware.org/bugzilla/show_bug.cgi?id=17630),
[swbz#22446](https://sourceware.org/bugzilla/show_bug.cgi?id=22446),
[swbz#22463](https://sourceware.org/bugzilla/show_bug.cgi?id=22463),
[swbz#22447](https://sourceware.org/bugzilla/show_bug.cgi?id=22447),
[swbz#23562](https://sourceware.org/bugzilla/show_bug.cgi?id=23562),
[swbz#23579](https://sourceware.org/bugzilla/show_bug.cgi?id=23579),
[swbz#22753](https://sourceware.org/bugzilla/show_bug.cgi?id=22753))
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Florian Weimer <fweimer(a)redhat.com> - 2.26-32
- Auto-sync with upstream branch release/2.26/master,
commit a0bc5dd3bed4b04814047265b3bcead7ab973b87:
- CVE-2018-19591: if_nametoindex: Fix descriptor leak (#1654000)
- libanl: proper cleanup if first helper thread creation failed (#1646381)
- x86: Fix Haswell CPU string flags (#1641980)
- resolv/tst-resolv-network.c: Additional test case (swbz#17630)
- Disable -Wrestrict for two nptl/tst-attr3.c tests
- Fix string/bug-strncat1.c build with GCC 8
- Ignore -Wrestrict for one strncat test
- Disable strncat test array-bounds warnings for GCC 8.
- Fix string/tester.c build with GCC 8.
- Fix nscd readlink argument aliasing (swbz#22446)
- nscd: Increase buffer size due to warning from ToT GCC
- Fix p_secstodate overflow handling (swbz#22463)
- timezone: pacify GCC -Wstringop-truncation
- utmp: Avoid -Wstringop-truncation warning
- Avoid use of strlen in getlogin_r (swbz#22447)
- signal: Use correct type for si_band in siginfo_t (swbz#23562)
- Fix misreported errno on preadv2/pwritev2 (swbz#23579)
- preadv2/pwritev2: Handle offset == -1 (swbz#22753)
- posix_spawn: Fix potential segmentation fault
* Mon Nov 26 2018 Florian Weimer <fweimer(a)redhat.com> - 2.26-31
- Do not use parallel make for building locales (#1652228)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1653993 - CVE-2018-19591 glibc: file descriptor leak in if_nametoindex() in sysdeps/unix/sysv/linux/if_index.c
https://bugzilla.redhat.com/show_bug.cgi?id=1653993
--------------------------------------------------------------------------------
================================================================================
ibus-typing-booster-2.2.1-2.fc27 (FEDORA-2018-4a9d6f1827)
A completion input method
--------------------------------------------------------------------------------
Update Information:
Udate pl and uk translations from zanata ---- Inline completion feature added
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Mike FABIAN <mfabian(a)redhat.com> - 2.2.1-2
- Add desktop-file-utils, python3-gobject-base, gtk3, dbus-x11, dconf, and ibus
to BuildRequires (without that the build started failing on F28).
* Wed Nov 28 2018 Mike FABIAN <mfabian(a)redhat.com> - 2.2.1-1
- Update to 2.2.1
- Update translations from zanata (pl, uk updated)
* Wed Nov 21 2018 Mike FABIAN <mfabian(a)redhat.com> - 2.2.0-1
- Update translations from zanata (de updated)
- Save some screen space in the setup tool
- Add inline completion feature
- Tab should force a lookup when the minimum number of characters is not yet reached
--------------------------------------------------------------------------------
================================================================================
java-runtime-decompiler-2.0-2.fc27 (FEDORA-2018-a5bce09d26)
Application for extraction and decompilation of JVM byte code
--------------------------------------------------------------------------------
Update Information:
This is a new package for java-runtime-decompiler, a tool used for extraction of
byte code from running JVM. The byte code can be then decompiled using external
decompilers back to source code.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1636019 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1636019
--------------------------------------------------------------------------------
================================================================================
mysql-connector-java-8.0.13-1.fc27 (FEDORA-2018-ad2d98a4f5)
Official JDBC driver for MySQL
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2017-3523 CVE-2017-3586 CVE-2017-3589 CVE-2018-3258
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 22 2018 Jakub Janco <jjanco(a)redhat.com> - 1:8.0.13-1
- Update to 8.0.13
* Tue Aug 7 2018 Jakub Janco <jjanco(a)redhat.com> - 1:8.0.12-1
- new version
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:5.1.38-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Feb 8 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:5.1.38-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1444759 - CVE-2017-3523 mysql-connector-java: Improper automatic deserialization of binary data (CPU Apr 2017)
https://bugzilla.redhat.com/show_bug.cgi?id=1444759
[ 2 ] Bug #1444407 - CVE-2017-3589 mysql-connector-java: Connector/J unspecified vulnerability (CPU Apr 2017)
https://bugzilla.redhat.com/show_bug.cgi?id=1444407
[ 3 ] Bug #1444406 - CVE-2017-3586 mysql-connector-java: Connector/J unspecified vulnerability (CPU Apr 2017)
https://bugzilla.redhat.com/show_bug.cgi?id=1444406
--------------------------------------------------------------------------------
The following Fedora 28 Security updates need testing:
Age URL
231 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb jgraphx-3.6.0.0-6.fc28
180 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da nodejs-brace-expansion-1.1.11-1.fc28
179 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a nodejs-atob-2.1.1-1.fc28
172 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9dd3f7c013 unrtf-0.21.9-8.fc28
140 https://bodhi.fedoraproject.org/updates/FEDORA-2018-28e9841baf docker-latest-1.13.1-37.git9cb56fd.fc28
55 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc4b7af297 xerces-c27-2.7.0-28.fc28
32 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7d748596e9 drupal8-8.6.2-1.fc28
28 https://bodhi.fedoraproject.org/updates/FEDORA-2018-18023f40fa drupal7-7.60-2.fc28
28 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2d2739ebed php-Smarty2-2.6.31-2.fc28
27 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2ee55d77c9 links-2.17-1.fc28
15 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8f0d2429d3 bird-1.6.4-2.fc28
14 https://bodhi.fedoraproject.org/updates/FEDORA-2018-86e2487df2 pdns-recursor-4.1.7-1.fc28
13 https://bodhi.fedoraproject.org/updates/FEDORA-2018-af9bd28cf1 glusterfs-4.1.6-1.fc28
12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aadd3c2790 mupdf-1.14.0-6.fc28
7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28
7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa3752ac3c nginx-1.14.1-1.fc28
6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-96b48b34ae mingw-uriparser-0.9.0-1.fc28
6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a3ef0a026f uriparser-0.9.0-1.fc28
6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f4910a3260 moodle-3.4.6-1.fc28
6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b9581d9624 python-notebook-5.5.0-6.fc28
6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b74b9ac8d1 tmux-2.8-2.fc28
6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ef486b9e50 dnsdist-1.3.3-1.fc28
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1d2a79fe1c cobbler-2.8.4-5.fc28
The following Fedora 28 Critical Path updates have yet to be approved:
Age URL
19 https://bodhi.fedoraproject.org/updates/FEDORA-2018-783dfc5196 shadow-utils-4.6-4.fc28
13 https://bodhi.fedoraproject.org/updates/FEDORA-2018-af9bd28cf1 glusterfs-4.1.6-1.fc28
11 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c2c01c0a06 pam-1.3.1-8.fc28
8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2f5e72a448 grilo-0.3.7-1.fc28
8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d169dbb09d osinfo-db-20181116-1.fc28
7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-fdc6d449e5 pungi-4.1.31-1.fc28
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-63e2c74a11 python-productmd-1.18-1.fc28
1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a171287251 libarchive-3.3.3-2.fc28
0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa127b03bc vim-8.1.549-1.fc28
0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3222e7c914 radvd-2.17-11.fc28
0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-17f2d1f30c patch-2.7.6-8.fc28
The following builds have been pushed to Fedora 28 updates-testing
GoldenCheetah-3.5-0.5.20181125gitea5c07d.fc28
armacycles-ad-0.2.8.3.4-9.fc28
blaze-3.4-1.fc28
cinnamon-4.0.3-1.fc28
cinnamon-translations-4.0.1-1.fc28
cockpit-183-1.fc28
freeipa-4.7.0-5.fc28
glibc-2.27-35.fc28
ibus-typing-booster-2.2.1-2.fc28
java-runtime-decompiler-2.0-2.fc28
kernel-4.19.5-200.fc28
kernel-headers-4.19.5-200.fc28
kernel-tools-4.19.5-200.fc28
muffin-4.0.3-1.fc28
openjfx-8.0.202-2.b02.fc28
phan-1.1.4-1.fc28
samba-4.8.7-0.fc28
switchboard-plug-pantheon-shell-2.7.2-1.fc28
switchboard-plug-printers-2.1.6-1.fc28
task-2.5.1-10.fc28
wine-3.21-1.fc28
xed-2.0.1-1.fc28
xplayer-2.0.1-1.fc28
xreader-2.0.1-1.fc28
Details about builds:
================================================================================
GoldenCheetah-3.5-0.5.20181125gitea5c07d.fc28 (FEDORA-2018-f2bcc71f4c)
Cycling Performance Software
--------------------------------------------------------------------------------
Update Information:
- Merge qxt-sys.patch qwt3d-sys.patch and lmfit-levmar.patch to sys-path.patch -
Update to 3.5-0.5.20181125gitea5c07d ---- - Add %{name}-lmfit-levmar.patch -
Update to git0c668c0
--------------------------------------------------------------------------------
================================================================================
armacycles-ad-0.2.8.3.4-9.fc28 (FEDORA-2018-fd80cae1ac)
A lightcycle game in 3D
--------------------------------------------------------------------------------
Update Information:
Crash fix.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Gwyn Ciesla <limburgher(a)gmail.com> - 0.2.8.3.4-9
- Upstream patches to fix crash, cleanup.
* Fri Jul 20 2018 Gwyn Ciesla <limburgher(a)gmail.com> - 0.2.8.3.4-8
- BR fix.
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.2.8.3.4-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1584586 - [abrt] armacycles-ad: std::__replacement_assert(): armacyclesad killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1584586
--------------------------------------------------------------------------------
================================================================================
blaze-3.4-1.fc28 (FEDORA-2018-b9ad0bfe02)
An high-performance C++ math library for dense and sparse arithmetic
--------------------------------------------------------------------------------
Update Information:
Initial Release of blaze 3.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1652939 - Review Request: blaze - An open-source, high-performance C++ math library for dense and sparse arithmetic
https://bugzilla.redhat.com/show_bug.cgi?id=1652939
--------------------------------------------------------------------------------
================================================================================
cinnamon-4.0.3-1.fc28 (FEDORA-2018-e4a0cd266a)
Window management and application launching for GNOME
--------------------------------------------------------------------------------
Update Information:
- Update
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.3-1
- Update to 4.0.3 release
--------------------------------------------------------------------------------
================================================================================
cinnamon-translations-4.0.1-1.fc28 (FEDORA-2018-e4a0cd266a)
Translations for Cinnamon and Nemo
--------------------------------------------------------------------------------
Update Information:
- Update
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.1-1
- Update to 4.0.1 release
--------------------------------------------------------------------------------
================================================================================
cockpit-183-1.fc28 (FEDORA-2018-d61a88d042)
Web Console for Linux servers
--------------------------------------------------------------------------------
Update Information:
- Machines: Manage storage pools - Kernel Dump: Support non-local targets -
Respect SSH configuration - Never send Content-Length with chunked encoding
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Martin Pitt <martin(a)piware.de> - 183-1
- Machines: Manage storage pools
- Kernel Dump: Support non-local targets
- Respect SSH configuration
- Never send Content-Length with chunked encoding
--------------------------------------------------------------------------------
================================================================================
freeipa-4.7.0-5.fc28 (FEDORA-2018-892835660b)
The Identity, Policy and Audit system
--------------------------------------------------------------------------------
Update Information:
This update resolves an issue which caused uninstall of a FreeIPA server to fail
with authselect 1.0.2, which recently appeared as an update. See [the pull
request](https://github.com/freeipa/freeipa/pull/2610) for more details.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Adam Williamson <awilliam(a)redhat.com> - 4.7.0-5
- Update PR #2610 patch to tiran's modified version
* Tue Nov 27 2018 Adam Williamson <awilliam(a)redhat.com> - 4.7.0-4
- Backport PR #2610 to fix for authselect 1.0.2+ (see #1645708)
--------------------------------------------------------------------------------
================================================================================
glibc-2.27-35.fc28 (FEDORA-2018-060302dc83)
The GNU libc libraries
--------------------------------------------------------------------------------
Update Information:
This update for the `glibc` package addresses one moderate security
vulnerability and several defects. * CVE-2018-19591: A file descriptor leak in
`if_nametoindex` can lead to a denial of service due to resource exhaustion when
processing `getaddrinfo` calls with crafted host names. Reported by Guido
Vranken. (RHBZ#1654000) * Failure to create the helper thread for
`getaddrinfo_a`/`libanl` could result in a crash. (RHBZ#1646381) * On certain
Haswell-class Intel CPUs, string function feature flags could be set
incorrectly, leading to a suboptimal choice of string functions. (RHBZ#1641980)
* Parallel building of locales led to nondeterminism in the RPM build process.
(RHBZ#1652228) * Various minor bug fixes from the upstream 2.27 release branch
were imported as part of this update
([swbz#17630](https://sourceware.org/bugzilla/show_bug.cgi?id=17630),
[swbz#22753](https://sourceware.org/bugzilla/show_bug.cgi?id=22753),
[swbz#23275](https://sourceware.org/bugzilla/show_bug.cgi?id=23275),
[swbz#23562](https://sourceware.org/bugzilla/show_bug.cgi?id=23562),
[swbz#23579](https://sourceware.org/bugzilla/show_bug.cgi?id=23579),
[swbz#23822](https://sourceware.org/bugzilla/show_bug.cgi?id=23822))
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Florian Weimer <fweimer(a)redhat.com> - 2.27-35
- Auto-sync with upstream branch release/2.27/master,
commit 9f433fc791ca4f9d678903ff45b504b524c886fb:
- CVE-2018-19591: if_nametoindex: Fix descriptor leak (#1654000)
- libanl: proper cleanup if first helper thread creation failed (#1646381)
- x86: Fix Haswell CPU string flags (#1641980)
- resolv/tst-resolv-network.c: Additional test case (swbz#17630)
- ia64: fix missing exp2f, log2f and powf symbols in libm.a (swbz#23822)
- conform: XFAIL siginfo_t si_band test on sparc64
- signal: Use correct type for si_band in siginfo_t (swbz#23562)
- pthread_mutex_lock: Fix race while promoting to PTHREAD_MUTEX_ELISION_NP
(swbz#23275)
- preadv2/pwritev2: Fix misreported errno (swbz#23579)
- preadv2/pwritev2: Handle offset == -1 (swbz#22753)
- posix_spawn: Fix potential segmentation fault
* Mon Nov 26 2018 Florian Weimer <fweimer(a)redhat.com> - 2.27-34
- Do not use parallel make for building locales (#1652228)
* Thu Aug 30 2018 Florian Weimer <fweimer(a)redhat.com> - 2.27-33
- Revert glibc_make_flags setting which is not needed in Fedora 28 (#1600034)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1653993 - CVE-2018-19591 glibc: file descriptor leak in if_nametoindex() in sysdeps/unix/sysv/linux/if_index.c
https://bugzilla.redhat.com/show_bug.cgi?id=1653993
--------------------------------------------------------------------------------
================================================================================
ibus-typing-booster-2.2.1-2.fc28 (FEDORA-2018-43ab316be7)
A completion input method
--------------------------------------------------------------------------------
Update Information:
Update pl and uk translations from zanata
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Mike FABIAN <mfabian(a)redhat.com> - 2.2.1-2
- Add desktop-file-utils, python3-gobject-base, gtk3, dbus-x11, dconf, and ibus
to BuildRequires (without that the build started failing on F28).
* Wed Nov 28 2018 Mike FABIAN <mfabian(a)redhat.com> - 2.2.1-1
- Update to 2.2.1
- Update translations from zanata (pl, uk updated)
--------------------------------------------------------------------------------
================================================================================
java-runtime-decompiler-2.0-2.fc28 (FEDORA-2018-675bc983cc)
Application for extraction and decompilation of JVM byte code
--------------------------------------------------------------------------------
Update Information:
This is a new package for java-runtime-decompiler, a tool used for extraction of
byte code from running JVM. The byte code can be then decompiled using external
decompilers back to source code.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1636019 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1636019
--------------------------------------------------------------------------------
================================================================================
kernel-4.19.5-200.fc28 (FEDORA-2018-3857a8b41a)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The v4.19.5 stable update contains important fixes across the tree
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 27 2018 Jeremy Cline <jcline(a)redhat.com> - 4.19.5-300
- Linux v4.19.5
- Fix CVE-2018-16862 (rhbz 1649017 1653122)
- Fix CVE-2018-19407 (rhbz 1652656 1652658)
* Mon Nov 26 2018 Jeremy Cline <jeremy(a)jcline.org>
- Fixes a null pointer dereference with Nvidia and vmwgfx drivers (rhbz 1650224)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1652656 - CVE-2018-19407 kernel: kvm: NULL pointer dereference in vcpu_scan_ioapic in arch/x86/kvm/x86.c
https://bugzilla.redhat.com/show_bug.cgi?id=1652656
[ 2 ] Bug #1649017 - CVE-2018-16862 kernel: cleancache: Infoleak of deleted files after reuse of old inodes
https://bugzilla.redhat.com/show_bug.cgi?id=1649017
--------------------------------------------------------------------------------
================================================================================
kernel-headers-4.19.5-200.fc28 (FEDORA-2018-3857a8b41a)
Header files for the Linux kernel for use by glibc
--------------------------------------------------------------------------------
Update Information:
The v4.19.5 stable update contains important fixes across the tree
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 27 2018 Jeremy Cline <jcline(a)redhat.com> - 4.19.5-200
- Linux v4.19.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1652656 - CVE-2018-19407 kernel: kvm: NULL pointer dereference in vcpu_scan_ioapic in arch/x86/kvm/x86.c
https://bugzilla.redhat.com/show_bug.cgi?id=1652656
[ 2 ] Bug #1649017 - CVE-2018-16862 kernel: cleancache: Infoleak of deleted files after reuse of old inodes
https://bugzilla.redhat.com/show_bug.cgi?id=1649017
--------------------------------------------------------------------------------
================================================================================
kernel-tools-4.19.5-200.fc28 (FEDORA-2018-3857a8b41a)
Assortment of tools for the Linux kernel
--------------------------------------------------------------------------------
Update Information:
The v4.19.5 stable update contains important fixes across the tree
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 27 2018 Jeremy Cline <jeremy(a)jcline.org> - 4.19.5-200
- Linux v4.19.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1652656 - CVE-2018-19407 kernel: kvm: NULL pointer dereference in vcpu_scan_ioapic in arch/x86/kvm/x86.c
https://bugzilla.redhat.com/show_bug.cgi?id=1652656
[ 2 ] Bug #1649017 - CVE-2018-16862 kernel: cleancache: Infoleak of deleted files after reuse of old inodes
https://bugzilla.redhat.com/show_bug.cgi?id=1649017
--------------------------------------------------------------------------------
================================================================================
muffin-4.0.3-1.fc28 (FEDORA-2018-e4a0cd266a)
Window and compositing manager based on Clutter
--------------------------------------------------------------------------------
Update Information:
- Update
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Leigh Scott <leigh123linux(a)googlemail.com> - 4.0.3-1
- Update to 4.0.3 release
--------------------------------------------------------------------------------
================================================================================
openjfx-8.0.202-2.b02.fc28 (FEDORA-2018-f752a46b86)
Rich client application platform for Java
--------------------------------------------------------------------------------
Update Information:
Update to upstream version 8.0.202b02
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 27 2018 Nicolas De Amicis <deamicis(a)bluewin.ch> - 8.0.202-2.b02
- Update to upstream version 8.0.202b02
* Mon Nov 12 2018 Nicolas De Amicis <deamicis(a)bluewin.ch> - 8.0.152-19.b05
- Fix missing java packages in openjfx
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 8.0.152-18.b05
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Jun 21 2018 Mat Booth <mat.booth(a)redhat.com> - 8.0.152-17.b05
- Fix failure to build from source
* Thu Feb 8 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 8.0.152-16.b05
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 3 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 8.0.152-15.b05
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 8.0.152-14.b05
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sun Jul 2 2017 Jonny Heggheim <hegjon(a)gmail.com> - 8.0.152-13.b05
- Update to upstream version 8.0.152b05
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1611943 - Please update it to the last version (8u202-b00)
https://bugzilla.redhat.com/show_bug.cgi?id=1611943
--------------------------------------------------------------------------------
================================================================================
phan-1.1.4-1.fc28 (FEDORA-2018-ce2aec005b)
A static analyzer for PHP
--------------------------------------------------------------------------------
Update Information:
27 Nov 2018, Phan 1.1.4 ----------------------- **New features(Analysis):** +
Preserve original descendent object types after type assertions, when original
object types are all subtypes (e.g. infer `SubClass` for `$x = rand(0,1) ? new
SubClass() : false; if ($x instanceof BaseClass) { ... }`) **Maintenance:** +
Emit `UnusedPluginSuppression` on `@phan-suppress-next-line` and `@phan-file-
suppress` on the same line as the comment declaring the suppression. (#2167,
#1731) + Don't emit `PhanInvalidCommentForDeclarationType` (or attempt to parse)
unknown tags that have known tags as prefixes (#2156) (e.g. `@param-some-
unknown-tag`) **Bug fixes:** + Fix a crash when analyzing a nullable parameter
of type `self` in traits (#2163) + Properly parse closures/generic arrays/array
shapes when inner types also contain commas (#2141) + Support matching
parentheses inside closure params, recursively. (e.g.
`Closure(int[],Closure(int):bool):int[]`) + Don't warn about properties being
read-only when they might be modified by reference (#1729) ---- 20 Nov 2018,
Phan 1.1.3 ----------------------- **New features (CLI):** + Warn when calling
method on union types that are definitely partially invalid. (#1885) New
config setting: `--strict-method-checking` (enabled as part of `--strict-type-
checking`) New issue type: `PhanPossiblyNonClassMethodCall` + Add a prototype
tool `tool/phoogle`, which can be used to search for function/method signatures
in user-declared and internal functions/methods. E.g. to look for functions
that return a string, given a string and an array: `/path/phan/tool/phoogle
'string -> array -> string` **New features (Analysis):** + Add a heuristic
check to detect potential infinite recursion in a functionlike calling itself
(i.e. stack overflows) New issue types: `PhanInfiniteRecursion` + Infer
literal integer values from expressions such as `2 | 1`, `2 + 2`, etc. + Infer
more accurate array shapes for `preg_match_all` (based on existing inferences
for `preg_match`) + Make Phan infer union types of variables from switch
statements on variables (#1291) (including literal int and string types) +
Analyze simple assertions on `get_class($var)` of various forms (#1977)
Examples: - `assert(get_class($x) === 'someClass')` - `if (get_class($x) ===
someClass::class)` - `switch (get_class($x)) {case someClass::class: ...}` +
Warn about invalid/possibly invalid callables in function calls. New issue
types: `PhanTypeInvalidCallable`, `PhanTypePossiblyInvalidCallable` (the latter
check requires `--strict-method-checking`) + Reduce false positives for a few
functions (such as `substr`) in strict mode. + Make Phan infer that variables
are not null/false from various comparison expressions, e.g. `assert($x > 0);` +
Detect invalid arguments to `++`/`--` operators (#680). Improve the analysis
of the side effects of `++`/`--` operators. New issue type:
`PhanTypeInvalidUnaryOperandIncOrDec` **Plugins:** + Add
`BeforeAnalyzeCapability`, which will be executed once before starting the
analysis phase. (#2086) **Bug fixes:** + Fix false positives analyzing
`define()` (#2128) + Support declaring instance properties as the union type
`static` (#2145) New issue types: `PhanStaticPropIsStaticType` + Fix a crash
seen when Phan attempted to emit `PhanTypeArrayOperator` for certain operations
(#2153)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Remi Collet <remi(a)remirepo.net> - 1.1.4-1
- update to 1.1.4
* Wed Nov 21 2018 Remi Collet <remi(a)remirepo.net> - 1.1.3-1
- update to 1.1.3
--------------------------------------------------------------------------------
================================================================================
samba-4.8.7-0.fc28 (FEDORA-2018-c2a93f8e1b)
Server and Client software to interoperate with Windows machines
--------------------------------------------------------------------------------
Update Information:
Update to Samba 4.8.7
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 27 2018 Guenther Deschner <gdeschner(a)redhat.com> - 4.8.7-0
- Update to Samba 4.8.7
- resolves: #1625449, #1654078 - Security fixes for CVE-2018-14629
- resolves: #1642545, #1654082 - Security fixes for CVE-2018-16841
- resolves: #1646377, #1654091 - Security fixes for CVE-2018-16851
- resolves: #1647246, #1654093 - Security fixes for CVE-2018-16853
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1625449 - CVE-2018-14629 samba: Unprivileged adding of CNAME record causing loop in AD LDAP server
https://bugzilla.redhat.com/show_bug.cgi?id=1625449
[ 2 ] Bug #1642545 - CVE-2018-16841 samba: Double-free in Samba AD DC KDC with PKINIT
https://bugzilla.redhat.com/show_bug.cgi?id=1642545
[ 3 ] Bug #1646377 - CVE-2018-16851 samba: NULL pointer de-reference in Samba AD DC LDAP server
https://bugzilla.redhat.com/show_bug.cgi?id=1646377
[ 4 ] Bug #1647246 - CVE-2018-16853 samba: S4U2Self crash with MIT KDC build
https://bugzilla.redhat.com/show_bug.cgi?id=1647246
--------------------------------------------------------------------------------
================================================================================
switchboard-plug-pantheon-shell-2.7.2-1.fc28 (FEDORA-2018-9819797ebc)
Switchboard Pantheon Shell plug
--------------------------------------------------------------------------------
Update Information:
Update to version 2.7.2. This update should fix the wallpaper discovery on
fedora, because subdirectory scanning was fixed. Release notes:
https://github.com/elementary/switchboard-plug-pantheon-shell/releases/tag/…
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Fabio Valentini <decathorpe(a)gmail.com> - 2.7.2-1
- Update to version 2.7.2.
--------------------------------------------------------------------------------
================================================================================
switchboard-plug-printers-2.1.6-1.fc28 (FEDORA-2018-bb66cf1cb8)
Switchboard Printers Plug
--------------------------------------------------------------------------------
Update Information:
Update to version 2.1.6. Release notes:
https://github.com/elementary/switchboard-plug-printers/releases/tag/2.1.6
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Fabio Valentini <decathorpe(a)gmail.com> - 2.1.6-1
- Update to version 2.1.6.
--------------------------------------------------------------------------------
================================================================================
task-2.5.1-10.fc28 (FEDORA-2018-df5596a68f)
Taskwarrior - a command-line TODO list manager
--------------------------------------------------------------------------------
Update Information:
Fix wrong .taskrc template
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Igor Gnatenko <ignatenkobrain(a)fedoraproject.org> - 2.5.1-10
- Fixup rcdir path
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1551256 - generated .taskrc file contains duplicate datadir in include path
https://bugzilla.redhat.com/show_bug.cgi?id=1551256
--------------------------------------------------------------------------------
================================================================================
wine-3.21-1.fc28 (FEDORA-2018-90cf6a4a48)
A compatibility layer for windows applications
--------------------------------------------------------------------------------
Update Information:
- Typelib marshaller rewrite using NDR functions. - Graphics support on recent
Android versions. - Support for memory font resources in DirectWrite. -
Joystick support improvements. - Various bug fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Michael Cronenworth <mike(a)cchtml.com> 3.21-1
- version update
--------------------------------------------------------------------------------
================================================================================
xed-2.0.1-1.fc28 (FEDORA-2018-dbc09734d0)
X-Apps [Text] Editor (Cross-DE, backward-compatible, GTK3, traditional UI)
--------------------------------------------------------------------------------
Update Information:
- Update
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Leigh Scott <leigh123linux(a)googlemail.com> - 2.0.1-1
- Update to 2.0.1 release
--------------------------------------------------------------------------------
================================================================================
xplayer-2.0.1-1.fc28 (FEDORA-2018-dbc09734d0)
A generic Media Player
--------------------------------------------------------------------------------
Update Information:
- Update
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Leigh Scott <leigh123linux(a)googlemail.com> - 2.0.1-1
- Update to 2.0.1 release
--------------------------------------------------------------------------------
================================================================================
xreader-2.0.1-1.fc28 (FEDORA-2018-dbc09734d0)
Simple document viewer
--------------------------------------------------------------------------------
Update Information:
- Update
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 28 2018 Leigh Scott <leigh123linux(a)googlemail.com> - 2.0.1-1
- Update to 2.0.1 release
--------------------------------------------------------------------------------
Hi Adam,
I and Lukas are in the process of drafting an email to Desktop SIGs
regarding basic functionality criteria for all apps available on blocking
desktops (as discussed recently in the QA meeting), and I need to clarify
the purpose of the "workstation core applications" testcase [1]. You
created it, I hope you have the best insight here :)
What confuses me:
1. I'm not clear on the purpose of this test case. The initial comment in
history says "create test case to check Workstation core application
availability", so it seems just about the apps being present. But the
Expected results also talk about successful launch.
If this is solely about availability, I'd rather omit the "successful
launch" note, because that is already covered by basic functionality test
case, let's not mix them up.
2. The test case is marked with Beta milestone, but I can't find any
release criterion that would refer to Workstation Core apps, not even at
Final, let alone at Beta. I can't even find the Technical Specification
page [2] linked from anywhere from criteria pages, even transitively. Is
this test case supposed to be Optional, or are we missing a criterion?
Thanks for clarification.
[1] https://fedoraproject.org/wiki/QA:Testcase_workstation_core_applications
[2] https://fedoraproject.org/wiki/Workstation/Technical_Specification