The following Fedora 29 Security updates need testing:
Age URL
57
https://bodhi.fedoraproject.org/updates/FEDORA-2018-51ce232320
xerces-c27-2.7.0-28.fc29
30
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4381dd7d0b
drupal8-8.6.2-1.fc29
30
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d3f4eb1f9f
drupal7-7.60-2.fc29
30
https://bodhi.fedoraproject.org/updates/FEDORA-2018-7adf863a47
php-Smarty2-2.6.31-2.fc29
17
https://bodhi.fedoraproject.org/updates/FEDORA-2018-6aada550ca bird-1.6.4-2.fc29
12
https://bodhi.fedoraproject.org/updates/FEDORA-2018-87f2ace20d qemu-3.0.0-2.fc29
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4003413459
mingw-uriparser-0.9.0-1.fc29
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-c5c72a45ea
uriparser-0.9.0-1.fc29
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-3fbc181b3e
keepalived-2.0.10-1.fc29
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-22c609e92a
cobbler-2.8.4-5.fc29
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-e423e8743f samba-4.9.3-0.fc29
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-937e8a39c4
python36-3.6.7-1.fc29
0
https://bodhi.fedoraproject.org/updates/FEDORA-2018-e14840a7f5
pdns-recursor-4.1.8-1.fc29
The following Fedora 29 Critical Path updates have yet to be approved:
Age URL
18
https://bodhi.fedoraproject.org/updates/FEDORA-2018-fff9c76313
xfce-polkit-0.3-1.fc29
12
https://bodhi.fedoraproject.org/updates/FEDORA-2018-004d2f4e6f
xfconf-4.13.6-2.fc29
12
https://bodhi.fedoraproject.org/updates/FEDORA-2018-87f2ace20d qemu-3.0.0-2.fc29
7
https://bodhi.fedoraproject.org/updates/FEDORA-2018-17cbc3c616 dnf-4.0.9-1.fc29
dnf-plugins-core-4.0.2-1.fc29 dnf-plugins-extras-4.0.0-1.fc29 libdnf-0.22.3-1.fc29
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-6682778e13
pungi-4.1.31-1.fc29
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-e423e8743f samba-4.9.3-0.fc29
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-c3dd0383fa
PackageKit-1.1.12-1.fc29
0
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b1deef70ad lorax-29.21-1.fc29
The following builds have been pushed to Fedora 29 updates-testing
ansible-2.7.3-1.fc29
apache-sshd-2.1.0-1.fc29
appcenter-3.0.1-2.fc29
buku-4.0-2.fc29
clementine-1.3.1-32.20181130gitd260c8b.fc29
dar-2.6.0.RC10-1.fc29
ed25519-java-0.3.0-1.fc29
filezilla-3.39.0-1.fc29
flatpak-1.0.6-3.fc29
freerdp-2.0.0-47.rc4.fc29
gdb-8.2-5.fc29
glibc-2.28-23.fc29
golang-gopkg-resty-1-1.10.2-1.fc29
grive2-0.5.0-18.20180820gitcf51167.fc29
groonga-8.0.9-1.fc29
hadoop-2.7.7-1.fc29
java-1.8.0-openjdk-1.8.0.191.b12-11.fc29
kobo-0.8.0-1.fc29
libfilezilla-0.15.1-1.fc29
libsolv-0.7.1-2.fc29
mysql-connector-odbc-8.0.13-1.fc29
nagios-4.4.2-3.fc29
net-snmp-5.8-3.fc29
nettle-3.4.1rc1-1.fc29
perl-5.28.1-425.fc29
perl-BSON-1.10.1-1.fc29
perl-CPAN-Perl-Releases-3.84-1.fc29
perl-Redis-1.991-8.fc29
perl-threads-shared-1.59-1.fc29
phan-1.1.5-1.fc29
pipenv-2018.11.26-1.fc29
python-magic-wormhole-0.11.2-1.fc29
python-pip-18.1-1.fc29
python-shellingham-1.2.7-1.fc29
pyxdg-0.26-3.fc29
regindexer-0.4-1.fc29
rubygem-jekyll-toc-0.9.1-1.fc29
strawberry-0.4.2-1.fc29
switchboard-2.3.5-1.fc29
unixODBC-2.3.7-2.fc29
vinagre-3.22.0-12.fc29
zsh-5.6.2-3.fc29
Details about builds:
================================================================================
ansible-2.7.3-1.fc29 (FEDORA-2018-f7f865dfb0)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
Update to 2.7.3 bugfix release. See
https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v...
for more details.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 29 2018 Kevin Fenzi <kevin(a)scrye.com> - 2.7.3-1
- Update to 2.7.3
--------------------------------------------------------------------------------
================================================================================
apache-sshd-2.1.0-1.fc29 (FEDORA-2018-03d2962e75)
Apache SSHD
--------------------------------------------------------------------------------
Update Information:
Update to latest version of Apache SSHD, see the upstream release notes:
https://mina.apache.org/sshd-project/download_2.1.0.html
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 29 2018 Mat Booth <mat.booth(a)redhat.com> - 2.1.0-1
- Update to latest upstream release
- Patch out the dependency on tomcat-libs
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1448498 - apache-sshd-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1448498
--------------------------------------------------------------------------------
================================================================================
appcenter-3.0.1-2.fc29 (FEDORA-2018-cb1e561d82)
Software Center from elementary
--------------------------------------------------------------------------------
Update Information:
Drop elementaryOS blacklist in favor of the version shipped with appcenter.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Fabio Valentini <decathorpe(a)gmail.com> - 3.0.1-2
- Drop elementaryOS blacklist in favor of the version shipped with appcenter.
--------------------------------------------------------------------------------
================================================================================
buku-4.0-2.fc29 (FEDORA-2018-5f10814f68)
Powerful command-line bookmark manager
--------------------------------------------------------------------------------
Update Information:
Add missing Requires
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 4.0-2
- Add missing Requires
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1655021 - [abrt] buku: module(): buku:21:<module>:ModuleNotFoundError:
No module named 'bs4'
https://bugzilla.redhat.com/show_bug.cgi?id=1655021
--------------------------------------------------------------------------------
================================================================================
clementine-1.3.1-32.20181130gitd260c8b.fc29 (FEDORA-2018-2a984a3489)
A music player and library organizer
--------------------------------------------------------------------------------
Update Information:
Bump to qt5 branch. commit d260c8b6d8c876280f8ac883870916bdf4b64df5
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> -
1.3.1-32.20181130gitd260c8b
- Bump to qt5 branch. commit d260c8b6d8c876280f8ac883870916bdf4b64df5
--------------------------------------------------------------------------------
================================================================================
dar-2.6.0.RC10-1.fc29 (FEDORA-2018-3920f35f33)
Software for making/restoring incremental CD/DVD backups
--------------------------------------------------------------------------------
Update Information:
upstream updated
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 29 2018 Luis Segundo <blackfile(a)fedoraproject.org> - 2.6.0.RC10-1
- New upstream version
* Tue Oct 16 2018 Luis Bazan <lbazan(a)fedoraproject.org> - 2.5.17-1
- New upstream version
* Sat Jul 21 2018 Luis Bazan <lbazan(a)fedoraproject.org> - 2.5.16-2
- Fix BZ #1603740 add gcc-c++
* Sat Jul 21 2018 Luis Bazan <lbazan(a)fedoraproject.org> - 2.5.16-1
- New Upstream version
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.5.15-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1614312 - FEATURE: Compile with --enable-mode=64
https://bugzilla.redhat.com/show_bug.cgi?id=1614312
[ 2 ] Bug #1603188 - dar-2.5.17 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1603188
[ 3 ] Bug #1603740 - dar: FTBFS in Fedora rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1603740
--------------------------------------------------------------------------------
================================================================================
ed25519-java-0.3.0-1.fc29 (FEDORA-2018-03d2962e75)
Implementation of EdDSA (Ed25519) in Java
--------------------------------------------------------------------------------
Update Information:
Update to latest version of Apache SSHD, see the upstream release notes:
https://mina.apache.org/sshd-project/download_2.1.0.html
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 29 2018 Mat Booth <mat.booth(a)redhat.com> - 0.3.0-1
- Update to latest upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1448498 - apache-sshd-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1448498
--------------------------------------------------------------------------------
================================================================================
filezilla-3.39.0-1.fc29 (FEDORA-2018-eccd436460)
FTP, FTPS and SFTP client
--------------------------------------------------------------------------------
Update Information:
Latest filezilla
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Gwyn Ciesla <limburgher(a)gmail.com> - 3.39.0-1
- 3.39.0 final.
* Mon Nov 26 2018 Gwyn Ciesla <limburgher(a)gmail.com> - 3.39.0-0.rc1
- 3.39.0-rc1
--------------------------------------------------------------------------------
================================================================================
flatpak-1.0.6-3.fc29 (FEDORA-2018-c5b26a3ee2)
Application deployment framework for desktop apps
--------------------------------------------------------------------------------
Update Information:
This update fixes problems with OCI remotes installed system wide. It is needed
to access Flatpaks on
registry.fedoraproject.org.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 fedora-toolbox <otaylor(a)redhat.com> - 1.0.6-3
- Add a patch to fix OCI system remotes
- Add patch fixing permissions on icons downloaded from an OCI registry
--------------------------------------------------------------------------------
================================================================================
freerdp-2.0.0-47.rc4.fc29 (FEDORA-2018-3b16389936)
Free implementation of the Remote Desktop Protocol (RDP)
--------------------------------------------------------------------------------
Update Information:
FreeRDP update to the latest release candidate and fix of RDP support in
Vinagre.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 29 2018 Ondrej Holy <oholy(a)redhat.com> - 2:2.0.0-47.rc4
- Update to 2.0.0-rc4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1636560 - Black screen when using RDP in Remote Desktop viewer
https://bugzilla.redhat.com/show_bug.cgi?id=1636560
--------------------------------------------------------------------------------
================================================================================
gdb-8.2-5.fc29 (FEDORA-2018-1497d92365)
A stub package for GNU source-level debugger
--------------------------------------------------------------------------------
Update Information:
Fix 'py-bt is broken, results in exception' (RHBZ 1639242).
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Sergio Durigan Junior <sergiodj(a)redhat.com> - 8.2-5.fc29
- Fix 'py-bt is broken, results in exception' (RHBZ 1639242).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1639242 - py-bt is broken, results in exception
https://bugzilla.redhat.com/show_bug.cgi?id=1639242
--------------------------------------------------------------------------------
================================================================================
glibc-2.28-23.fc29 (FEDORA-2018-c69aee3e63)
The GNU libc libraries
--------------------------------------------------------------------------------
Update Information:
This update to the `glibc` package adds a new security hardening feature. *
malloc: tcache double free check (RHBZ#1647395)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 29 2018 DJ Delorie <dj(a)redhat.com> - 2.28-23
- Auto-sync with upstream branch release/2.28/master,
commit b8dd0f42780a3133c02f064a2c0c5c4e7ab61aaa.
- malloc: tcache double free check (#1647395)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1647395 - glibc: the execution continued with double free in the program
https://bugzilla.redhat.com/show_bug.cgi?id=1647395
--------------------------------------------------------------------------------
================================================================================
golang-gopkg-resty-1-1.10.2-1.fc29 (FEDORA-2018-22c8bc06a4)
Simple HTTP and REST client library for Go
--------------------------------------------------------------------------------
Update Information:
- Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1654040 - Review Request: golang-gopkg-resty-1 - Simple HTTP and REST client
library for Go
https://bugzilla.redhat.com/show_bug.cgi?id=1654040
--------------------------------------------------------------------------------
================================================================================
grive2-0.5.0-18.20180820gitcf51167.fc29 (FEDORA-2018-9c9446a9e0)
Google Drive client
--------------------------------------------------------------------------------
Update Information:
Update to most recent git head to merge in bugfixes
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Zamir SUN <sztsian(a)gmail.com> - 0.5.0-18.20180820gitcf51167
- Update to most recent git head to merge in bugfixes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1615018 - grive2: Update to include recent upstream bugfixes
https://bugzilla.redhat.com/show_bug.cgi?id=1615018
--------------------------------------------------------------------------------
================================================================================
groonga-8.0.9-1.fc29 (FEDORA-2018-f1aeffd462)
An Embeddable Fulltext Search Engine
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Kentaro Hayashi <hayashi(a)clear-code.com> 8.0.9-1
- new upstream release
- fix E: specfile-error warning: Macro expanded in comment
--------------------------------------------------------------------------------
================================================================================
hadoop-2.7.7-1.fc29 (FEDORA-2018-beec9e3fda)
A software platform for processing vast amounts of data
--------------------------------------------------------------------------------
Update Information:
Bug fix and upgrade to version 2.7.7
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 29 2018 Mike Miller <mmiller(a)apache.org> - 2.7.7-1
- Upgrade to 2.7.7. Remove patch no longer needed for CVE-2018-8009
* Wed Nov 28 2018 Mike Miller <mmiller(a)apache.org> - 2.7.6-6
- Fix NoClassDefFoundError with cglib in Yarn and make top level hadoop package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1654240 - CVE-2018-11766 hadoop: Privilege escalation to root (Incomplete fix
for CVE-2016-6811) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1654240
[ 2 ] Bug #1554525 - When starting Resource Manager - java.lang.NoClassDefFoundError:
net/sf/cglib/core/CodeGenerationException
https://bugzilla.redhat.com/show_bug.cgi?id=1554525
--------------------------------------------------------------------------------
================================================================================
java-1.8.0-openjdk-1.8.0.191.b12-11.fc29 (FEDORA-2018-437c926bfc)
OpenJDK Runtime Environment 8
--------------------------------------------------------------------------------
Update Information:
Some minor updates + TLSv1.2 support via the PKCS11 provider.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 22 2018 Andrew John Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.191.b12-11
- Add backport of JDK-8029661 which adds TLSv1.2 support to the PKCS11 provider.
* Tue Nov 13 2018 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.191.b12-10
- Revise Shenandoah PR3634 patch following upstream discussion.
* Wed Nov 7 2018 Jiri Vanek <jvanek(a)redhat.com> - 1:1.8.0.191.b12-9
- headfull suggests of cups, replaced by Requires of cups-libs in headless
* Wed Nov 7 2018 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.191.b12-9
- Note why PR1834/RH1022017 is not suitable to go upstream in its current form.
* Mon Nov 5 2018 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.191.b12-9
- Document patch sections.
* Mon Nov 5 2018 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.191.b12-9
- Fix patch organisation in the spec file:
- * Move ECC patches back to upstreamable section
- * Move system cacerts & crypto policy patches to upstreamable section
- * Merge "Local fixes" and "RPM fixes" which amount to the same
thing
- * Move system libpng & lcms patches back to 8u upstreamable section
--------------------------------------------------------------------------------
================================================================================
kobo-0.8.0-1.fc29 (FEDORA-2018-4418fc329b)
Python modules for tools development
--------------------------------------------------------------------------------
Update Information:
New upstream release 0.8.0. ### FEATURES & IMPROVEMENTS - Improved Python 3
compatibility - Improved Django 2.0 compatibility - Improved tests coverage -
Header produced by kobo.shortcuts.run(show_cmd=True) is now limited to 79
characters length ### BUG FIXES - Fixed handling of string SERVER_PORT in wsgi
requests - Fixed Worker.timeout_task wrongly setting subtasks to INTERRUPTED
([#72](https://github.com/release-engineering/kobo/issues/72)) - Fixed
Worker.set_task_weight always crashing ([#75](https://github.com/release-
engineering/kobo/issues/75)) - Fixed missing dependency on python-six
https://bugzilla.redhat.com/show_bug.cgi?id=1654946
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Rohan McGovern <rmcgover(a)redhat.com> - 0.8.0-1
- New upstream release 0.8.0
* Fri Nov 30 2018 Rohan McGovern <rmcgover(a)redhat.com> - 0.7.0-10
- Add missing dependencies on python-six (RHBZ#1654946)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1654946 - kobo packages are missing dependency on six
https://bugzilla.redhat.com/show_bug.cgi?id=1654946
--------------------------------------------------------------------------------
================================================================================
libfilezilla-0.15.1-1.fc29 (FEDORA-2018-eccd436460)
C++ Library for FileZilla
--------------------------------------------------------------------------------
Update Information:
Latest filezilla
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 26 2018 Gwyn Ciesla <limburgher(a)gmail.com> - 0.15.1-1
- 0.15.1
--------------------------------------------------------------------------------
================================================================================
libsolv-0.7.1-2.fc29 (FEDORA-2018-092ca34d90)
Package dependency solver
--------------------------------------------------------------------------------
Update Information:
Backport fixes for autouninstall
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Igor Gnatenko <ignatenkobrain(a)fedoraproject.org - 0.7.1-2
- Backport fixes for autouninstall
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1446068 - "dnf update --allowerasing" just removes packages instead
of update
https://bugzilla.redhat.com/show_bug.cgi?id=1446068
--------------------------------------------------------------------------------
================================================================================
mysql-connector-odbc-8.0.13-1.fc29 (FEDORA-2018-aac3769cee)
ODBC driver for MySQL
--------------------------------------------------------------------------------
Update Information:
**MySQL connector ODBC 8.0.13** A fresh new rebase straight to a version fully
compatible with MySQL 8 Release notes:
https://dev.mysql.com/doc/relnotes/connector-odbc/en/news-5-3.html
https://dev.mysql.com/doc/relnotes/connector-odbc/en/news-8-0.html Bugs fixed:
After a long time it builds well against the 'community-mysql' package
Maintainer notes: New configuration reflecting MySQL 8 added to 'unixODBC'
package and made default Thanks to Lars Tangvald from Oracle for the patch
that made it possible Test with:
https://bodhi.fedoraproject.org/updates/FEDORA-2018-e8115812ed
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Lars Tangvald <lars.tangvald(a)oracle.com> - 8.0.13-1
- Rebase to 8.0.13
Resolves: #1569767
Resolves: #1604908
- Rediff 64bit patch
- Remove obsolete patches
- Add cmake patch
- Disable building with GUI
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.3.10-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Feb 8 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 5.3.10-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1604908 - mysql-connector-odbc: FTBFS in Fedora rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1604908
[ 2 ] Bug #1569767 - mysql-connector-odbc-8.0.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1569767
--------------------------------------------------------------------------------
================================================================================
nagios-4.4.2-3.fc29 (FEDORA-2018-42555731d2)
Host/service/network monitoring program
--------------------------------------------------------------------------------
Update Information:
Updates to nagios-4.4.2 which is a major update. Fixes CVE's CVE-2018-13441
CVE-2016-8641
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Stephen Smoogen <smooge(a)fedoraproject.org> - 4.4.2-3
- Remove systemd startup since built in works properly
- Incorporate fixes from patch14 into patch9
* Thu Nov 29 2018 Stephen Smoogen <smooge(a)fedoraproject.org> - 4.4.2-2
- Fix init-type and initdir for systemd and sysv
* Wed Nov 28 2018 Justin Paulsen <petaris(a)gmail.com> 4.4.2-1
- Bumped to version 4.4.2
- Updated patches 0001,0002,0003,0006,0009,0010,0011 to reflect upstream changes
- Updates to nagios.spec (this file) to cleanup un-needed elements and
adjust/fix as required
- As a result of the cleanup I have added a patch nagios-0014-fix-resource.cfg-path.patch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1593048 - nagios-4.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1593048
[ 2 ] Bug #1647765 - Memory leak in nagios
https://bugzilla.redhat.com/show_bug.cgi?id=1647765
[ 3 ] Bug #1482407 - nagios-4.3.2-8.el7 crash caused by (potential) result size issue in
wproc
https://bugzilla.redhat.com/show_bug.cgi?id=1482407
[ 4 ] Bug #1506423 - Nagios regularly crashes with SIGSEGV after couple of weeks of
starting.
https://bugzilla.redhat.com/show_bug.cgi?id=1506423
[ 5 ] Bug #1592594 - nagios spool files in wrong location by default, causing SELinux
violations
https://bugzilla.redhat.com/show_bug.cgi?id=1592594
--------------------------------------------------------------------------------
================================================================================
net-snmp-5.8-3.fc29 (FEDORA-2018-042156f164)
A collection of SNMP protocol tools and libraries
--------------------------------------------------------------------------------
Update Information:
Update to net-snmp-5.8.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 27 2018 Josef Ridky <jridky(a)redhat.com> - 1:5.8-3
- backport memory leak fixes from upstream
- add fPIE to CFLAGS (#1543853)
- use default LDFLAGS
* Mon Jul 23 2018 Josef Ridky <jridky(a)redhat.com> - 1:5.8-2
- fix unresoved error with mysql functions
- implement changes to announce soname changes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1637573 - CVE-2018-18065 CVE-2018-18066 net-snmp: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1637573
[ 2 ] Bug #1543853 - net-snmp: Fedora build flags only partially applied
https://bugzilla.redhat.com/show_bug.cgi?id=1543853
[ 3 ] Bug #1531020 - net-snmp-5.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1531020
--------------------------------------------------------------------------------
================================================================================
nettle-3.4.1rc1-1.fc29 (FEDORA-2018-665e6dfcf0)
A low-level cryptographic library
--------------------------------------------------------------------------------
Update Information:
New upstream release; provides API for constant memory access RSA operations
(CVE-2018-16869)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Nikos Mavrogiannopoulos <nmav(a)redhat.com> - 3.4.1rc1-1
- New upstream release; provides API for constant memory access RSA operations
--------------------------------------------------------------------------------
================================================================================
perl-5.28.1-425.fc29 (FEDORA-2018-9dbe983805)
Practical Extraction and Report Language
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2018-18311, CVE-2018-18312, CVE-2018-18313 and
CVE-2018-18314
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 4:5.28.0-425
- 5.28.1 bump
- Fix CVE-2018-18312 (heap-buffer-overflow write in regcomp.c)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1646734 - CVE-2018-18312 perl: Heap-buffer-overflow write / reg_node overrun
https://bugzilla.redhat.com/show_bug.cgi?id=1646734
[ 2 ] Bug #1646730 - CVE-2018-18311 perl: Integer overflow leading to buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1646730
[ 3 ] Bug #1646738 - CVE-2018-18313 perl: Heap-buffer-overflow read in regcomp.c
https://bugzilla.redhat.com/show_bug.cgi?id=1646738
[ 4 ] Bug #1646751 - CVE-2018-18314 perl: Heap-based buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1646751
--------------------------------------------------------------------------------
================================================================================
perl-BSON-1.10.1-1.fc29 (FEDORA-2018-2ef1282aeb)
BSON serialization and deserialization
--------------------------------------------------------------------------------
Update Information:
This release adds BSON::Raw::get_first_key() method, implements ObjectID
specification and limits BSON encoding and decoding to a maximal depth limit to
provent from exhausting a resources. It also improves BSON error messages.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Petr Pisar <ppisar(a)redhat.com> - 1.10.1-1
- 1.10.1 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1655009 - Upgrade perl-BSON to 1.10.1
https://bugzilla.redhat.com/show_bug.cgi?id=1655009
--------------------------------------------------------------------------------
================================================================================
perl-CPAN-Perl-Releases-3.84-1.fc29 (FEDORA-2018-cb3a1f2243)
Mapping Perl releases on CPAN to the location of the tarballs
--------------------------------------------------------------------------------
Update Information:
Updated to the latest version
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 3.84-1
- 3.84 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1655089 - Upgrade perl-CPAN-Perl-Releases to 3.84
https://bugzilla.redhat.com/show_bug.cgi?id=1655089
--------------------------------------------------------------------------------
================================================================================
perl-Redis-1.991-8.fc29 (FEDORA-2018-435d42848b)
Perl binding for Redis database
--------------------------------------------------------------------------------
Update Information:
This release adjusts tests to changes in Redis 4.0.11.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Petr Pisar <ppisar(a)redhat.com> - 1.991-8
- Adjust tests to changes in Redis 4.0.11 (bug #1624360)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1624360 - perl-Redis-1.991-7.fc29 FTBFS: Failed test 'pipeline with
embedded error'
https://bugzilla.redhat.com/show_bug.cgi?id=1624360
--------------------------------------------------------------------------------
================================================================================
perl-threads-shared-1.59-1.fc29 (FEDORA-2018-ae0be48c15)
Perl extension for sharing data structures between threads
--------------------------------------------------------------------------------
Update Information:
This release fixes loading its XS implementation on perls that do not support
threads. This is not the case of Fedora. We deliver it only to provide an up-to-
date version string.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Petr Pisar <ppisar(a)redhat.com> - 1.59-1
- 1.59 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1655011 - Upgrade perl-threads-shared to 1.59
https://bugzilla.redhat.com/show_bug.cgi?id=1655011
--------------------------------------------------------------------------------
================================================================================
phan-1.1.5-1.fc29 (FEDORA-2018-d3a99a6bfe)
A static analyzer for PHP
--------------------------------------------------------------------------------
Update Information:
29 Nov 2018, Phan 1.1.5 ----------------------- **Language Server:** + Fix a
crash in the Language Server when pcntl is not installed or enabled (e.g. on
Windows) (#2186) ---- 27 Nov 2018, Phan 1.1.4 ----------------------- **New
features(Analysis):** + Preserve original descendent object types after type
assertions, when original object types are all subtypes (e.g. infer `SubClass`
for `$x = rand(0,1) ? new SubClass() : false; if ($x instanceof BaseClass) { ...
}`) **Maintenance:** + Emit `UnusedPluginSuppression` on `@phan-suppress-next-
line` and `@phan-file-suppress` on the same line as the comment declaring the
suppression. (#2167, #1731) + Don't emit `PhanInvalidCommentForDeclarationType`
(or attempt to parse) unknown tags that have known tags as prefixes (#2156)
(e.g. `@param-some-unknown-tag`) **Bug fixes:** + Fix a crash when analyzing a
nullable parameter of type `self` in traits (#2163) + Properly parse
closures/generic arrays/array shapes when inner types also contain commas
(#2141) + Support matching parentheses inside closure params, recursively. (e.g.
`Closure(int[],Closure(int):bool):int[]`) + Don't warn about properties being
read-only when they might be modified by reference (#1729) ---- 20 Nov 2018,
Phan 1.1.3 ----------------------- **New features (CLI):** + Warn when calling
method on union types that are definitely partially invalid. (#1885) New
config setting: `--strict-method-checking` (enabled as part of `--strict-type-
checking`) New issue type: `PhanPossiblyNonClassMethodCall` + Add a prototype
tool `tool/phoogle`, which can be used to search for function/method signatures
in user-declared and internal functions/methods. E.g. to look for functions
that return a string, given a string and an array: `/path/phan/tool/phoogle
'string -> array -> string` **New features (Analysis):** + Add a heuristic
check to detect potential infinite recursion in a functionlike calling itself
(i.e. stack overflows) New issue types: `PhanInfiniteRecursion` + Infer
literal integer values from expressions such as `2 | 1`, `2 + 2`, etc. + Infer
more accurate array shapes for `preg_match_all` (based on existing inferences
for `preg_match`) + Make Phan infer union types of variables from switch
statements on variables (#1291) (including literal int and string types) +
Analyze simple assertions on `get_class($var)` of various forms (#1977)
Examples: - `assert(get_class($x) === 'someClass')` - `if (get_class($x) ===
someClass::class)` - `switch (get_class($x)) {case someClass::class: ...}` +
Warn about invalid/possibly invalid callables in function calls. New issue
types: `PhanTypeInvalidCallable`, `PhanTypePossiblyInvalidCallable` (the latter
check requires `--strict-method-checking`) + Reduce false positives for a few
functions (such as `substr`) in strict mode. + Make Phan infer that variables
are not null/false from various comparison expressions, e.g. `assert($x > 0);` +
Detect invalid arguments to `++`/`--` operators (#680). Improve the analysis
of the side effects of `++`/`--` operators. New issue type:
`PhanTypeInvalidUnaryOperandIncOrDec` **Plugins:** + Add
`BeforeAnalyzeCapability`, which will be executed once before starting the
analysis phase. (#2086) **Bug fixes:** + Fix false positives analyzing
`define()` (#2128) + Support declaring instance properties as the union type
`static` (#2145) New issue types: `PhanStaticPropIsStaticType` + Fix a crash
seen when Phan attempted to emit `PhanTypeArrayOperator` for certain operations
(#2153)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Remi Collet <remi(a)remirepo.net> - 1.1.5-1
- update to 1.1.5
* Wed Nov 28 2018 Remi Collet <remi(a)remirepo.net> - 1.1.4-1
- update to 1.1.4
* Wed Nov 21 2018 Remi Collet <remi(a)remirepo.net> - 1.1.3-1
- update to 1.1.3
--------------------------------------------------------------------------------
================================================================================
pipenv-2018.11.26-1.fc29 (FEDORA-2018-b5c855ceea)
The higher level Python packaging tool
--------------------------------------------------------------------------------
Update Information:
Upgrade pipenv and pip to the latest upstream releases. See
https://pipenv.readthedocs.io/en/latest/changelog/ and
https://pip.pypa.io/en/stable/news/
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 29 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 2018.11.26-1
- Update to 2018.11.26 (bugfixes only)
* Fri Nov 23 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 2018.11.14-1
- Update to 2018.11.14 (#1652091)
- Should fix incompatibility with pip (#1651317)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1652089 - Update pip to 18.1
https://bugzilla.redhat.com/show_bug.cgi?id=1652089
[ 2 ] Bug #1652091 - Update pipenv to 2018.11.14
https://bugzilla.redhat.com/show_bug.cgi?id=1652091
[ 3 ] Bug #1651317 - pip and pipenv are incompatible
https://bugzilla.redhat.com/show_bug.cgi?id=1651317
--------------------------------------------------------------------------------
================================================================================
python-magic-wormhole-0.11.2-1.fc29 (FEDORA-2018-cbd8bfcebb)
Securely transfer data between computers
--------------------------------------------------------------------------------
Update Information:
Initial packaging for fedora.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1653806 - Review Request: python-magic-wormhole - Securely transfer data
between computers
https://bugzilla.redhat.com/show_bug.cgi?id=1653806
--------------------------------------------------------------------------------
================================================================================
python-pip-18.1-1.fc29 (FEDORA-2018-b5c855ceea)
A tool for installing and managing Python packages
--------------------------------------------------------------------------------
Update Information:
Upgrade pipenv and pip to the latest upstream releases. See
https://pipenv.readthedocs.io/en/latest/changelog/ and
https://pip.pypa.io/en/stable/news/
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 22 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 18.1-1
- Update to 18.1 (#1652089)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1652089 - Update pip to 18.1
https://bugzilla.redhat.com/show_bug.cgi?id=1652089
[ 2 ] Bug #1652091 - Update pipenv to 2018.11.14
https://bugzilla.redhat.com/show_bug.cgi?id=1652091
[ 3 ] Bug #1651317 - pip and pipenv are incompatible
https://bugzilla.redhat.com/show_bug.cgi?id=1651317
--------------------------------------------------------------------------------
================================================================================
python-shellingham-1.2.7-1.fc29 (FEDORA-2018-b5c855ceea)
Tool to detect surrounding Shell
--------------------------------------------------------------------------------
Update Information:
Upgrade pipenv and pip to the latest upstream releases. See
https://pipenv.readthedocs.io/en/latest/changelog/ and
https://pip.pypa.io/en/stable/news/
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1652089 - Update pip to 18.1
https://bugzilla.redhat.com/show_bug.cgi?id=1652089
[ 2 ] Bug #1652091 - Update pipenv to 2018.11.14
https://bugzilla.redhat.com/show_bug.cgi?id=1652091
[ 3 ] Bug #1651317 - pip and pipenv are incompatible
https://bugzilla.redhat.com/show_bug.cgi?id=1651317
--------------------------------------------------------------------------------
================================================================================
pyxdg-0.26-3.fc29 (FEDORA-2018-7339f61610)
Python library to access
freedesktop.org standards
--------------------------------------------------------------------------------
Update Information:
Fix code for places where it called non-existant attribute "Type".
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Tom Callaway <spot(a)fedoraproject.org> - 0.26-3
- fix incorrect use of Type attribute (bz 1654857)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1654857 - [abrt] openbox: post_parse():
Menu.py:997:post_parse:AttributeError: 'MenuEntry' object has no attribute
'Type'
https://bugzilla.redhat.com/show_bug.cgi?id=1654857
--------------------------------------------------------------------------------
================================================================================
regindexer-0.4-1.fc29 (FEDORA-2018-e861f9bfb6)
Tool for creating an index of a container registry
--------------------------------------------------------------------------------
Update Information:
Update to version 0.4 - fixes a problem where only the first 100 repositories in
a registry would be indexed.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 fedora-toolbox <otaylor(a)redhat.com> - 0.4-1
- Version 0.4 (fixes problem with > 100 repositories)
* Wed Aug 29 2018 Owen Taylor <otaylor(a)redhat.com> - 0.3-1
- Version 0.3
--------------------------------------------------------------------------------
================================================================================
rubygem-jekyll-toc-0.9.1-1.fc29 (FEDORA-2018-010ff92a53)
Jekyll Table of Contents plugin
--------------------------------------------------------------------------------
Update Information:
Update to version 0.9.1. Release notes:
https://github.com/toshimaru/jekyll-
toc/releases/tag/v0.9.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Fabio Valentini <decathorpe(a)gmail.com> - 0.9.1-1
- Update to version 0.9.1.
--------------------------------------------------------------------------------
================================================================================
strawberry-0.4.2-1.fc29 (FEDORA-2018-c09c3b72f7)
An audio player and music collection organizer
--------------------------------------------------------------------------------
Update Information:
Release 0.4.2
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 0.4.2-1
- Release 0.4.2
--------------------------------------------------------------------------------
================================================================================
switchboard-2.3.5-1.fc29 (FEDORA-2018-e3f8c58e83)
Modular Desktop Settings Hub
--------------------------------------------------------------------------------
Update Information:
Update to version 2.3.5. Release notes:
https://github.com/elementary/switchboard/releases/tag/2.3.5
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Fabio Valentini <decathorpe(a)gmail.com> - 2.3.5-1
- Update to version 2.3.5.
--------------------------------------------------------------------------------
================================================================================
unixODBC-2.3.7-2.fc29 (FEDORA-2018-e8115812ed)
A complete ODBC driver manager for Linux
--------------------------------------------------------------------------------
Update Information:
Configuration for 'mysql-connector-odbc' package reflecting MySQL 8 shipped
within this update Test with:
https://bodhi.fedoraproject.org/updates/FEDORA-2018-aac3769cee
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Michal Schorm <mschorm(a)redhat.com> - 2.3.7-2
- Bump for rebuild to ship updated configuration
--------------------------------------------------------------------------------
================================================================================
vinagre-3.22.0-12.fc29 (FEDORA-2018-3b16389936)
VNC client for GNOME
--------------------------------------------------------------------------------
Update Information:
FreeRDP update to the latest release candidate and fix of RDP support in
Vinagre.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Ondrej Holy <oholy(a)redhat.com> - 3.22.0-12
- Fix build with recent FreeRDP versions
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1636560 - Black screen when using RDP in Remote Desktop viewer
https://bugzilla.redhat.com/show_bug.cgi?id=1636560
--------------------------------------------------------------------------------
================================================================================
zsh-5.6.2-3.fc29 (FEDORA-2018-33cd18f0f7)
Powerful interactive shell
--------------------------------------------------------------------------------
Update Information:
- return non-zero exit status on nested parse error (#1654989)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 30 2018 Kamil Dudka <kdudka(a)redhat.com> - 5.6.2-3
- return non-zero exit status on nested parse error (#1654989)
--------------------------------------------------------------------------------