The following Fedora 35 Security updates need testing:
Age URL
147
https://bodhi.fedoraproject.org/updates/FEDORA-2022-2e85e6cfc9
libdxfrw-1.0.1-3.fc35 librecad-2.2.0-0.13.rc3.fc35
139
https://bodhi.fedoraproject.org/updates/FEDORA-2022-dfc6924a11
mysql-connector-java-8.0.28-1.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-9a489fa494
python-twisted-22.4.0-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-cece705cbf
mingw-wavpack-5.4.0-5.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-b54a8dee29
httpd-2.4.54-1.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-d22a045d7a squid-5.6-1.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-cd37732349
dotnet3.1-3.1.420-1.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-bb7f3cacbf
vim-8.2.5172-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-1a2312e4d6
matrix-synapse-1.61.1-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-99d02c5100
thunderbird-91.11.0-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-1b3d7f6973 curl-7.79.1-5.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-17a1bb7e78
pypy3.9-7.3.9-2.3.9.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-9cd41b6709
pypy3.8-7.3.9-2.3.8.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-d157a91e10
pypy3.7-7.3.9-2.3.7.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-9dd70781cb pypy-7.3.9-2.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-5b1e1a67d1
openssl-1.1.1p-1.fc35
The following Fedora 35 Critical Path updates have yet to be approved:
Age URL
20
https://bodhi.fedoraproject.org/updates/FEDORA-2022-57015a1d06
binutils-2.37-20.fc35
13
https://bodhi.fedoraproject.org/updates/FEDORA-2022-73122722e6
dnsmasq-2.86-6.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ae2b0a7c72 glibc-2.34-38.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-7096bf65fe
python-pycdlib-1.13.0-1.fc35
8
https://bodhi.fedoraproject.org/updates/FEDORA-2022-75a51ebb0d gnutls-3.7.6-3.fc35
nettle-3.8-1.fc35
7
https://bodhi.fedoraproject.org/updates/FEDORA-2022-0365f6a0b4
elfutils-0.187-4.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-1b246f3a2b
ethtool-5.18-1.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-bb7f3cacbf
vim-8.2.5172-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-792839070e
kernel-5.18.8-100.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-590034bcdd
annobin-10.76-3.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-1b3d7f6973 curl-7.79.1-5.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-99d02c5100
thunderbird-91.11.0-1.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-5b1e1a67d1
openssl-1.1.1p-1.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-12d41537af
freeipa-4.9.10-2.fc35 libldb-2.4.3-1.fc35 samba-4.15.8-0.fc35
The following builds have been pushed to Fedora 35 updates-testing
bemenu-0.6.8-1.fc35
bmake-20220612-1.fc35
composer-2.3.8-1.fc35
cronie-1.5.7-4.fc35
golang-1.16.15-3.fc35
i3lock-2.14.1-1.fc35
libeatmydata-130-4.fc35
libtpms-0.9.5-1.fc35
magic-8.3.315-1.fc35
mame-0.245-1.fc35
pacemaker-2.1.4-4.fc35
pipewire-0.3.53-2.fc35
python-virt-firmware-1.1-1.fc35
qownnotes-22.6.2-1.fc35
rpm-4.17.1-1.fc35
rubygem-sequel-5.58.0-1.fc35
rust-1.62.0-1.fc35
rust-packaging-21-4.fc35
xen-4.15.3-1.fc35
Details about builds:
================================================================================
bemenu-0.6.8-1.fc35 (FEDORA-2022-9af8cd64ee)
Dynamic menu library and client program inspired by dmenu
--------------------------------------------------------------------------------
Update Information:
Update to version 0.6.8.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 1 2022 Jan Stan��k <jstanek(a)redhat.com> 0.6.8-1
- Update to version 0.6.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2102759 - bemenu-0.6.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2102759
--------------------------------------------------------------------------------
================================================================================
bmake-20220612-1.fc35 (FEDORA-2022-c1942153a2)
The NetBSD make(1) tool
--------------------------------------------------------------------------------
Update Information:
``` 2022-06-12 Simon J Gerraty <sjg(a)beast.crufty.net> * VERSION
(_MAKE_VERSION): 20220612 Merge with NetBSD make, pick up o
allow to randomize build order of targets .MAKE.MODE += randomize-
targets can help uncover dependency bugs within a makefile. o
compat.c: rename Compat_Run to Compat_MakeAll o make.c: inline
MakeBuildParent inline make_abort, improve error details o
parse.c: reorganize Parse_Error fix memory leak in wildcard targets and
sources separate cases in HandleDependencyTargetMundane extract
HandleSingleDependencyTargetMundane rename loadfile to LoadFile
split IncludeFile into separate functions condense code for searching a
file in the paths fix off-by-one error in buffer for .WAIT nodes
o str.c: condense Str_Match make code for string matching syntactically
more consistent 2022-04-18 Simon J Gerraty <sjg(a)beast.crufty.net> *
VERSION (_MAKE_VERSION): 20220418 Merge with NetBSD make, pick up
o ignore '.POSIX:' if not in first non-comment line of Makefile as
specified by POSIX. add unit-tests for above. o meta.c: make it
easier to find usage of identifiers o targ.c: add .USEBEFORE to
Targ_PrintType 2022-04-14 Simon J Gerraty <sjg(a)beast.crufty.net> *
VERSION (_MAKE_VERSION): 20220414 * unit-tests/Makefile: simplify
checks for shells with BROKEN_TESTS, this helps with other Linux distros
that use dash. 2022-03-30 Simon J Gerraty <sjg(a)beast.crufty.net>
* VERSION (_MAKE_VERSION): 20220330 Merge with NetBSD make, pick up
o var.c: fix spacing, and a typo in a test 2022-03-26 Simon J Gerraty
<sjg(a)beast.crufty.net> * VERSION (_MAKE_VERSION): 20220326
Merge with NetBSD make, pick up o parse.c: try to include 'posix.mk' the
first time .POSIX: is encountered, to allow for beter POSIX compliance.
o var.c: make debug logs more readable prefer 'long long' over
'long' on
32-bit C99 platforms fix crash on .undef of an environment variable
2022-03-03 Simon J Gerraty <sjg(a)beast.crufty.net> * VERSION
(_MAKE_VERSION): 20220303 Merge with NetBSD make, pick up o tell
meta mode unit tests not to expect filemon o cond.c: make debug logging
for comparisons less technical o lst.c: fix mem leak in Lst_Remove
o str.c: make code for string matching syntactically more consistent o
var.c: simplify ParseModifier_Match 2022-02-14 Simon J Gerraty
<sjg(a)beast.crufty.net> * unit-tests/Makefile: control MAKESYSPATH for
deptgt-phony * VERSION (_MAKE_VERSION): 20220214 Merge with
NetBSD make, pick up o cond.c: simplify control flow in
CondParser_Comparison o job.c: fix echoing of command with '-' in silent
target in jobs mode o main.c: prefix the warning about read-only .OBJDIR
with a colon o parse.c: remove redundant conditions o var.c:
simplify control flow in ModifyWord_SysVSubst 2022-02-08 Simon J Gerraty
<sjg(a)beast.crufty.net> * unit-tests/Makefile: disable opt-debug-x-trace
on Linux if there is any chance we have dash as .SHELL *
VERSION (_MAKE_VERSION): 20220208 Merge with NetBSD make, pick up
o more unit tests o meta.c: use a variable to hold command line to be
filtered to avoid any side effects from content of command line.
2022-02-04 Simon J Gerraty <sjg(a)beast.crufty.net> * VERSION
(_MAKE_VERSION): 20220204 Merge with NetBSD make, pick up o use
unsigned consistently for line numbers, avoid the need for %z o parse.c:
do not step off end of input in Parse_IsVar when checking for target
local variable assignments 2022-02-02 Simon J Gerraty <sjg(a)beast.crufty.net>
* VERSION (_MAKE_VERSION): 20220202 Merge with NetBSD make, pick up
o remove redundant declaration of HashIter_Init o make DEBUG0 simpler
2022-01-30 Simon J Gerraty <sjg(a)beast.crufty.net> * cast gn->lineno
to avoid %z * VERSION (_MAKE_VERSION): 20220130 Merge with
NetBSD make, pick up o more unit tests o make GNode lineno
unsigned to please lint o print location of recursive variable
references in commands o print "stack trace" (makefile includes) on
fatal errors o make.1: refine documentation for target local assignments
2022-01-28 Simon J Gerraty <sjg(a)beast.crufty.net> * VERSION
(_MAKE_VERSION): 20220128 Merge with NetBSD make, pick up o
inline functions called only once o for.c: clean up AddEscape for
building the body of a .for loop o hash.c: merge duplicate code for
finding an entry in a hash table replace HashEntry_KeyEquals with
strncmp o make.1: document quirks of target local variable assignments.
o parse.c: cleanup white-space 2022-01-26 Simon J Gerraty
<sjg(a)beast.crufty.net> * VERSION (_MAKE_VERSION): 20220126
Merge with NetBSD make, pick up o allow setting target local variables
o more unit tests o add missing newline after "cannot continue" message
o meta.c: clean up eat_dots o parse.c: fix filename in warning about
duplicate script o var.c: when expanding nested variables, check simple
things first ```
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 1 2022 Petr Men����k <pemensik(a)redhat.com> - 20220612-1
- Update to 20220612 (#2050475)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2050475 - bmake-20220612 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2050475
--------------------------------------------------------------------------------
================================================================================
composer-2.3.8-1.fc35 (FEDORA-2022-8b73cc9207)
Dependency Manager for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 2.3.8** - 2022-07-01 * Fixed support for `cache-read-only` where
the filesystem is not writable (#10906) * Fixed type error when using `allow-
plugins: true` (#10909) * Fixed @putenv scripts receiving arguments passed to
the command (#10846) * Fixed support for spaces in paths with binary proxies
on Windows (#10836) * Fixed type error in GitDownloader if branches cannot be
listed (#10888) * Fixed RootPackageInterface issue on PHP 5.3.3 (#10895) *
Fixed type errors (#10904, #10897)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 1 2022 Remi Collet <remi(a)remirepo.net> - 2.3.8-1
- update to 2.3.8
- add bash completion file (for upcoming 2.4)
--------------------------------------------------------------------------------
================================================================================
cronie-1.5.7-4.fc35 (FEDORA-2022-f32782c397)
Cron daemon for executing programs at set times
--------------------------------------------------------------------------------
Update Information:
Set 'missingok' for /etc/cron.deny to not recreate it on update
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jun 28 2022 Jan Stan��k <jstanek(a)redhat.com> - 1.5.7-4
- Set 'missingok' for /etc/cron.deny to not recreate it on update
--------------------------------------------------------------------------------
================================================================================
golang-1.16.15-3.fc35 (FEDORA-2022-ffe7dba2cb)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2022-29526
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 1 2022 Alejandro S��ez <asm(a)redhat.com> - 1.16.15-3
- Backport of patch.
- Resolves: rhbz#2093092
- Adds 0006-fix-CVE-2022-29526.patch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
https://bugzilla.redhat.com/show_bug.cgi?id=2084085
--------------------------------------------------------------------------------
================================================================================
i3lock-2.14.1-1.fc35 (FEDORA-2022-22bddd640b)
Simple X display locker like slock
--------------------------------------------------------------------------------
Update Information:
New upstream release 2.14.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 1 2022 Dan ��erm��k <dan.cermak(a)cgc-instruments.com> 2.14.1-1
- New upstream release 2.14.1, fixes rhbz#2091286
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.13-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2091286 - i3lock-2.14.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2091286
--------------------------------------------------------------------------------
================================================================================
libeatmydata-130-4.fc35 (FEDORA-2022-894c35de89)
Library and utilities designed to disable fsync and friends
--------------------------------------------------------------------------------
Update Information:
https://bugzilla.redhat.com/show_bug.cgi?id=2099313 fix which is:
`/usr/libexec/eatmydata.sh` points to `/usr/lib/libeatmydata` rather than
`/usr/lib64` ``` $ eatmydata sleep 1 eatmydata error: could not find eatmydata
library /usr/lib/libeatmydata.so ``` i.e. the noarch build of the `eatmydata`
package was incorrect.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 11 2022 Stewart Smith <stewart(a)flamingspork.com> - 130-4
- Fix Summary
- Build eatmydata per-arch as script contains arch specific dirs
See
https://bugzilla.redhat.com/show_bug.cgi?id=2099313
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2099313 - eatmydata error: could not find eatmydata library
/usr/lib/libeatmydata.so
https://bugzilla.redhat.com/show_bug.cgi?id=2099313
--------------------------------------------------------------------------------
================================================================================
libtpms-0.9.5-1.fc35 (FEDORA-2022-336f54d470)
Library providing Trusted Platform Module (TPM) functionality
--------------------------------------------------------------------------------
Update Information:
Build of libtpms 0.9.5
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 1 2022 Stefan Berger <stefanb(a)linux.ibm.com> - 0.9.5-1
- Build of libtpms 0.9.5
- Ported Fabio Velntini's patch to this file from rawhide:
- Use standard method for fetching a GitHub release tarball.
- Fix Versioning scheme to confirm with Packaging Guidelines.
- Tighten file globs to match Packaging Guidelines.
--------------------------------------------------------------------------------
================================================================================
magic-8.3.315-1.fc35 (FEDORA-2022-1d1171750c)
A very capable VLSI layout tool
--------------------------------------------------------------------------------
Update Information:
New version 8.3.315 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 1 2022 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 8.3.315-1
- 8.3.315
--------------------------------------------------------------------------------
================================================================================
mame-0.245-1.fc35 (FEDORA-2022-92fa7c928a)
Multiple Arcade Machine Emulator
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream release: *
https://www.mamedev.org/?p=514
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 30 2022 Julian Sikorski <belegdol(a)fedoraproject.org> 0.245-1
- Update to 0.245
--------------------------------------------------------------------------------
================================================================================
pacemaker-2.1.4-4.fc35 (FEDORA-2022-fa4cd83428)
Scalable High-Availability cluster resource manager
--------------------------------------------------------------------------------
Update Information:
``` * Thu Jun 30 2022 Klaus Wenninger <kwenning(a)redhat.com> - 2.1.4-4 - Fix
2.1.3 regression: Don't output "(null)" in crm_attribute's quiet mode
(rhbz#2099331) ```
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 30 2022 Klaus Wenninger <kwenning(a)redhat.com> - 2.1.4-4
- Fix 2.1.3 regression: Don't output "(null)" in crm_attribute's
quiet mode (rhbz#2099331)
--------------------------------------------------------------------------------
================================================================================
pipewire-0.3.53-2.fc35 (FEDORA-2022-9f16e3b559)
Media Sharing Server
--------------------------------------------------------------------------------
Update Information:
Add patch to avoid crash in audioconvert (mpv) ---- Update version to 0.3.53
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 1 2022 Wim Taymans <wtaymans(a)redhat.com> - 0.3.53-2
- Add patch to avoid crash in audioconvert (mpv)
* Thu Jun 30 2022 Wim Taymans <wtaymans(a)redhat.com> - 0.3.53-1
- Update version to 0.3.53
--------------------------------------------------------------------------------
================================================================================
python-virt-firmware-1.1-1.fc35 (FEDORA-2022-c27d48e43c)
Tools for virtual machine firmware volumes
--------------------------------------------------------------------------------
Update Information:
update to version 1.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 1 2022 Gerd Hoffmann <kraxel(a)redhat.com> - 1.1-1
- update to version 1.1
--------------------------------------------------------------------------------
================================================================================
qownnotes-22.6.2-1.fc35 (FEDORA-2022-faa9da6e00)
Plain-text file markdown note taking with Nextcloud integration
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 1 2022 Artem Polishchuk <ego.cordatus(a)gmail.com> 22.6.2-1
- chore(update): 22.6.2
--------------------------------------------------------------------------------
================================================================================
rpm-4.17.1-1.fc35 (FEDORA-2022-37913de00f)
The RPM package management system
--------------------------------------------------------------------------------
Update Information:
Rebase to rpm 4.17.1 (
http://rpm.org/wiki/Releases/4.17.1)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 1 2022 Michal Domonkos <mdomonko(a)redhat.com> - 4.17.1-1
- Rebase to rpm 4.17.1 (
http://rpm.org/wiki/Releases/4.17.1)
--------------------------------------------------------------------------------
================================================================================
rubygem-sequel-5.58.0-1.fc35 (FEDORA-2022-77c6f0f144)
The Database Toolkit for Ruby
--------------------------------------------------------------------------------
Update Information:
Upgrade to Sequel 5.58
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 1 2022 Alejandro Perez <alejandro.perez.torres(a)gmail.com> - 5.58.0-1
- Initial package
--------------------------------------------------------------------------------
================================================================================
rust-1.62.0-1.fc35 (FEDORA-2022-111f62cd21)
The Rust Programming Language
--------------------------------------------------------------------------------
Update Information:
Update to Rust 1.62.0: * `cargo add` * `#[default]` enum variants * Thinner,
faster mutexes on Linux * Stabilized APIs See the [blog
post](https://blog.rust-lang.org/2022/06/30/Rust-1.62.0.html) and [release
notes](https://github.com/rust-
lang/rust/blob/master/RELEASES.md#version-1620-2022-06-30) for more details.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 30 2022 Josh Stone <jistone(a)redhat.com> - 1.62.0-1
- Update to 1.62.0.
--------------------------------------------------------------------------------
================================================================================
rust-packaging-21-4.fc35 (FEDORA-2022-111f62cd21)
RPM macros for building Rust packages
--------------------------------------------------------------------------------
Update Information:
Update to Rust 1.62.0: * `cargo add` * `#[default]` enum variants * Thinner,
faster mutexes on Linux * Stabilized APIs See the [blog
post](https://blog.rust-lang.org/2022/06/30/Rust-1.62.0.html) and [release
notes](https://github.com/rust-
lang/rust/blob/master/RELEASES.md#version-1620-2022-06-30) for more details.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 1 2022 Fabio Valentini <decathorpe(a)gmail.com> 21-4
- Adapt %cargo_prep macro to fix builds with Rust 1.62+
--------------------------------------------------------------------------------
================================================================================
xen-4.15.3-1.fc35 (FEDORA-2022-f5785fba8e)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
update to xen-4.15.3 x86: MMIO Stale Data vulnerabilities (not applied in
4.15.2-5) ---- x86: MMIO Stale Data vulnerabilities [XSA-404, CVE-2022-21123,
CVE-2022-21125, CVE-2022-21166] ---- x86 pv: Race condition in typeref
acquisition [XSA-401, CVE-2022-26362] x86 pv: Insufficient care with non-
coherent mappings [ XSA-402, CVE-2022-26363, CVE-2022-26364]
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 1 2022 Michael Young <m.a.young(a)durham.ac.uk> - 4.15.3-1
- update to xen-4.15.3
remove or adjust patches now included or superceded upstream
- x86: MMIO Stale Data vulnerabilities (not applied in 4.15.2-5)
* Wed Jun 22 2022 Michael Young <m.a.young(a)durham.ac.uk> - 4.15.2-5
- x86: MMIO Stale Data vulnerabilities [XSA-404, CVE-2022-21123,
CVE-2022-21125, CVE-2022-21166]
* Thu Jun 9 2022 Michael Young <m.a.young(a)durham.ac.uk> - 4.15.2-4
- x86 pv: Race condition in typeref acquisition [XSA-401, CVE-2022-26362]
- x86 pv: Insufficient care with non-coherent mappings [ XSA-402,
CVE-2022-26363, CVE-2022-26364]
- additional patches so above applies cleanly
--------------------------------------------------------------------------------