The following Fedora 28 Security updates need testing:
Age URL
251
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb
jgraphx-3.6.0.0-6.fc28
200
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da
nodejs-brace-expansion-1.1.11-1.fc28
199
https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a
nodejs-atob-2.1.1-1.fc28
192
https://bodhi.fedoraproject.org/updates/FEDORA-2018-9dd3f7c013
unrtf-0.21.9-8.fc28
160
https://bodhi.fedoraproject.org/updates/FEDORA-2018-28e9841baf
docker-latest-1.13.1-37.git9cb56fd.fc28
75
https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc4b7af297
xerces-c27-2.7.0-28.fc28
32
https://bodhi.fedoraproject.org/updates/FEDORA-2018-aadd3c2790
mupdf-1.14.0-6.fc28
27
https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28
27
https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa3752ac3c
nginx-1.14.1-1.fc28
18
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b60fdc1998
net-snmp-5.8-3.fc28
18
https://bodhi.fedoraproject.org/updates/FEDORA-2018-70fe6a4d75
nagios-4.4.2-3.fc28
13
https://bodhi.fedoraproject.org/updates/FEDORA-2018-dbcb80405c
nbdkit-1.4.4-1.fc28
7
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a55f292297
mariadb-connector-c-3.0.7-1.fc28
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc86ef9e22 squid-4.4-1.fc28
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-5aeca60933
phpMyAdmin-4.8.4-1.fc28
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-f7d9989c42
nettle-3.4.1-1.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-c9fb1de618
wordpress-5.0.1-1.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-2abadd4469
haproxy-1.8.15-1.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b18f9dd65b
tomcat-8.5.35-1.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-615705632d
ansible-2.7.5-1.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4b8a18767b
adplug-2.2.1-7.fc28
0
https://bodhi.fedoraproject.org/updates/FEDORA-2018-6e8c330d50
kernel-4.19.10-200.fc28 kernel-headers-4.19.10-200.fc28 kernel-tools-4.19.10-200.fc28
0
https://bodhi.fedoraproject.org/updates/FEDORA-2018-e2e8a07a01
webkit2gtk3-2.22.5-1.fc28
The following Fedora 28 Critical Path updates have yet to be approved:
Age URL
27
https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28
21
https://bodhi.fedoraproject.org/updates/FEDORA-2018-fdc6d449e5
pungi-4.1.31-1.fc28
21
https://bodhi.fedoraproject.org/updates/FEDORA-2018-63e2c74a11
python-productmd-1.18-1.fc28
21
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a171287251
libarchive-3.3.3-2.fc28
20
https://bodhi.fedoraproject.org/updates/FEDORA-2018-3222e7c914 radvd-2.17-11.fc28
18
https://bodhi.fedoraproject.org/updates/FEDORA-2018-c86898e4a7 gdb-8.1.1-4.fc28
18
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b60fdc1998
net-snmp-5.8-3.fc28
15
https://bodhi.fedoraproject.org/updates/FEDORA-2018-12c54ca4bf gjs-1.52.5-1.fc28
13
https://bodhi.fedoraproject.org/updates/FEDORA-2018-273b0291d0
perl-Unicode-Normalize-1.25-397.fc28
13
https://bodhi.fedoraproject.org/updates/FEDORA-2018-8c7b8ff33e
perl-MIME-Base64-3.15-397.fc28
11
https://bodhi.fedoraproject.org/updates/FEDORA-2018-7a2cd05640
libnetfilter_conntrack-1.0.7-1.fc28
7
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d028a3e7e7 vim-8.1.575-1.fc28
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-f3300e9fbf
highlight-3.47-2.fc28
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-9f541b469b
nfs-utils-2.3.3-1.rc2.fc28
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-9963fc558e efivar-37-1.fc28
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-f7d9989c42
nettle-3.4.1-1.fc28
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4a21c5db0c
perl-5.26.3-416.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-11d2779f19
appstream-data-28-11.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-816dbc3486
osinfo-db-20181214-1.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-2efb53dc71 glibc-2.27-37.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-477b6cb0fa nss-3.41.0-3.fc28
0
https://bodhi.fedoraproject.org/updates/FEDORA-2018-6e8c330d50
kernel-4.19.10-200.fc28 kernel-headers-4.19.10-200.fc28 kernel-tools-4.19.10-200.fc28
The following builds have been pushed to Fedora 28 updates-testing
Cadence-1.0.0-0.3.20180827git4a5f5b4.fc28
Zim-0.69-1.fc28
bodhi-3.12.0-1.fc28
buildstream-1.2.3-3.fc28
flatpak-1.0.6-4.fc28
ftp-0.17-77.fc28
fuse-overlayfs-0.1-7.dev.gitf48e1ef.fc28
golang-github-azure-storage-blob-0.3.0-0.1.fc28
golang-github-coreos-go-systemd-18-1.fc28
holland-1.1.9-1.fc28
libwebsockets-3.0.1-1.fc28
lollypop-0.9.904-1.fc28
lorax-28.23-1.fc28
mosquitto-1.5.5-1.fc28
perl-Schedule-Cron-1.01-1.fc28
phan-1.1.8-1.fc28
php-bartlett-php-compatinfo-db-1.39.0-1.fc28
php-phpseclib-2.0.13-1.fc28
php-twig-1.36.0-1.fc28
php-twig2-2.6.0-1.fc28
python-lxml-4.2.5-1.fc28
python-regex-2018.11.22-1.fc28
rclone-1.45-1.fc28
snapd-2.36.3-1.fc28
sqlite-3.22.0-5.fc28
tinc-1.0.35-1.fc28
valgrind-3.14.0-7.fc28
Details about builds:
================================================================================
Cadence-1.0.0-0.3.20180827git4a5f5b4.fc28 (FEDORA-2018-27333d2aaf)
A set of tools useful for audio production
--------------------------------------------------------------------------------
Update Information:
- Add RR hicolor-icon-theme - Add comment which files are licensed under LGPLv2+
- Take ownership of dirs
--------------------------------------------------------------------------------
================================================================================
Zim-0.69-1.fc28 (FEDORA-2018-30b6ada04e)
Desktop wiki & notekeeper
--------------------------------------------------------------------------------
Update Information:
Upstream bugfix release
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 17 2018 Robin Lee <cheeselee(a)fedoraproject.org> - 0.69-1
- Update to 0.69
- Fix Requires on Fedora <= 28
* Mon Oct 22 2018 Robin Lee <cheeselee(a)fedoraproject.org> - 0.68-4
- Fix for epel7
* Thu Jul 19 2018 Robin Lee <cheeselee(a)fedoraproject.org> - 0.68-3
- Use python2_sitelib macro (BZ#1603334)
* Thu Jul 12 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.68-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Apr 26 2018 Iryna Shcherbina <shcherbina.iryna(a)gmail.com> - 0.68-2
- Update Python 2 dependency declarations to new packaging standards
(See
https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
--------------------------------------------------------------------------------
================================================================================
bodhi-3.12.0-1.fc28 (FEDORA-2018-772d6c4c3f)
A modular framework that facilitates publishing software updates
--------------------------------------------------------------------------------
Update Information:
Update to [
3.12.0](https://github.com/fedora-infra/bodhi/releases/tag/3.12.0).
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 17 2018 Randy Barlow <bowlofeggs(a)fedoraproject.org> - 3.12.0-1
- Upgrade to 3.12.0.
-
https://github.com/fedora-infra/bodhi/releases/tag/3.12.0
--------------------------------------------------------------------------------
================================================================================
buildstream-1.2.3-3.fc28 (FEDORA-2018-bae3c94c30)
Build/integrate software stacks
--------------------------------------------------------------------------------
Update Information:
BuildStream is a Free Software tool for building/integrating software stacks. It
takes inspiration, lessons and use-cases from various projects including OBS,
Reproducible Builds, Yocto, Baserock, Buildroot, Aboriginal, GNOME Continuous,
JHBuild, Flatpak Builder and Android repo. BuildStream supports multiple build-
systems (e.g. autotools, cmake, cpan, distutils, make, meson, qmake), and can
create outputs in a range of formats (e.g. debian packages, flatpak runtimes,
sysroots, system images) for multiple platforms and chipsets.
--------------------------------------------------------------------------------
================================================================================
flatpak-1.0.6-4.fc28 (FEDORA-2018-db7152a500)
Application deployment framework for desktop apps
--------------------------------------------------------------------------------
Update Information:
Fix OCI download progress reporting ---- This update fixes problems with OCI
remotes installed system wide. It is needed to access Flatpaks on
registry.fedoraproject.org.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 14 2018 David King <amigadave(a)amigadave.com> - 1.0.6-4
- Fix OCI download progress reporting
* Fri Nov 30 2018 fedora-toolbox <otaylor(a)redhat.com> - 1.0.6-3
- Add a patch to fix OCI system remotes
- Add patch fixing permissions on icons downloaded from an OCI registry
--------------------------------------------------------------------------------
================================================================================
ftp-0.17-77.fc28 (FEDORA-2018-0171a55eda)
The standard UNIX FTP (File Transfer Protocol) client
--------------------------------------------------------------------------------
Update Information:
Fix for bug #1624949
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 17 2018 Michal Ruprich <mruprich(a)redhat.com> - 0.17-77
- Resolves: #1624949 - netkit ftp client buffer overflow in makeargv()
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1624949 - netkit ftp client buffer overflow in makeargv()
https://bugzilla.redhat.com/show_bug.cgi?id=1624949
--------------------------------------------------------------------------------
================================================================================
fuse-overlayfs-0.1-7.dev.gitf48e1ef.fc28 (FEDORA-2018-8cf55ba16c)
FUSE overlay+shiftfs implementation for rootless containers
--------------------------------------------------------------------------------
Update Information:
built commit f48e1ef
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 18 2018 Giuseppe Scrivano <gscrivan(a)redhat.com> - 0.1-7.dev.gitf48e1ef
- built commit f48e1ef
* Fri Nov 23 2018 Giuseppe Scrivano <gscrivan(a)redhat.com> - 0.1-6.dev.git3d48bf9
- built commit 3d48bf9
* Fri Aug 10 2018 Lokesh Mandvekar <lsm5(a)fedoraproject.org> - 0.1-5.dev.gitd40ac75
- built commit d40ac75
--------------------------------------------------------------------------------
================================================================================
golang-github-azure-storage-blob-0.3.0-0.1.fc28 (FEDORA-2018-e0b46625d5)
Microsoft Azure Blob Storage Library for Go
--------------------------------------------------------------------------------
Update Information:
Update to version 0.3.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 18 2018 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 0.3.0-1
- Update to version 0.3.0
--------------------------------------------------------------------------------
================================================================================
golang-github-coreos-go-systemd-18-1.fc28 (FEDORA-2018-4d32aec449)
Go bindings to systemd socket activation, journal and D-BUS APIs
--------------------------------------------------------------------------------
Update Information:
Release 18
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 14 2018 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 18-1
- Release 18
* Tue Oct 23 2018 Nicolas Mailhot <nim(a)fedoraproject.org> - 10-11
- redhat-rpm-config-123 triggers bugs in gosetup, remove it from Go spec files as it���s
just an alias
-
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.o...
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 10-10
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sat Jun 9 2018 Jan Chaloupka <jchaloup(a)redhat.com> - 10-9
- Upload glide files
* Wed Feb 28 2018 Jan Chaloupka <jchaloup(a)redhat.com> - 10-8
- Autogenerate some parts using the new macros
--------------------------------------------------------------------------------
================================================================================
holland-1.1.9-1.fc28 (FEDORA-2018-672109903b)
Pluggable Backup Framework
--------------------------------------------------------------------------------
Update Information:
- Latest upstream ---- Latest upstream change xtrabackup requires to
/usr/bin/xtrabackup
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 18 2018 Carl George <carl(a)george.computer> - 1.1.9-1
- Latest upstream
* Thu Oct 11 2018 Pete Travis <immanetize(a)fedoraproject.org> - 1.1.8-2
- Latest upstream
- change requires for xtrabackup subpackage to path to allow for alternative sources
* Wed Oct 3 2018 Carl George <carl(a)george.computer> - 1.1.7-1
- Latest upstream
* Wed Oct 3 2018 Carl George <carl(a)george.computer> - 1.1.6-1
- Latest upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1638541 - holland-1.1.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1638541
--------------------------------------------------------------------------------
================================================================================
libwebsockets-3.0.1-1.fc28 (FEDORA-2018-195cba1aa3)
A lightweight C library for Websockets
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release 3.0.1 (rhbz#1604687)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 18 2018 Fabian Affolter <mail(a)fabian-affolter.ch> - 3.0.1-1
- Update to latest upstream release 3.0.1 (rhbz#1604687)
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon May 7 2018 Fabian Affolter <mail(a)fabian-affolter.ch> - 3.0.0-1
- Update to latest upstream release 3.0.0 (rhbz#1575605)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1604687 - libwebsockets: FTBFS in Fedora rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1604687
--------------------------------------------------------------------------------
================================================================================
lollypop-0.9.904-1.fc28 (FEDORA-2018-20ae3179f5)
Music player for GNOME
--------------------------------------------------------------------------------
Update Information:
Update to 0.9.904-1 ---- Update to 0.9.903-1 ---- Update to 0.9.902-1 ----
Update to 0.9.900-1 ---- - Drop a Python 2 dependency from Python 3 package
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 18 2018 Martin Gansser <martinkg(a)fedoraproject.org> - 0.9.904-1
- Update to 0.9.904
* Sat Dec 15 2018 Martin Gansser <martinkg(a)fedoraproject.org> - 0.9.903-1
- Update to 0.9.903
* Sat Dec 15 2018 Martin Gansser <martinkg(a)fedoraproject.org> - 0.9.902-1
- Update to 0.9.902
* Fri Dec 14 2018 Martin Gansser <martinkg(a)fedoraproject.org> - 0.9.900-1
- Update to 0.9.900
* Sun Dec 9 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 0.9.612-2
- Drop a Python 2 dependency from Python 3 package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1651119 - [abrt] lollypop: __new__(): Gdk.py:346:__new__:TypeError:
constructor returned NULL
https://bugzilla.redhat.com/show_bug.cgi?id=1651119
--------------------------------------------------------------------------------
================================================================================
lorax-28.23-1.fc28 (FEDORA-2018-52b73ca4b6)
Tool for creating the anaconda install images
--------------------------------------------------------------------------------
Update Information:
- lorax: Save information about rootfs filesystem size and usage
(bcl(a)redhat.com) - Turn on signed tags when using tito. (bcl(a)redhat.com)
- lorax-composer: Cancel running Anaconda process (bcl(a)redhat.com) - Add
cancel_func to virt and novirt_install functions (bcl(a)redhat.com) - lorax-
composer: Check for STATUS before deleting (bcl(a)redhat.com) - Check for
existing CANCEL request, and exit on FINISHED (bcl(a)redhat.com) - Fix vhd
images (vponcova(a)redhat.com) ---- - lorax-composer: Handle packages with
multiple builds - lorax-composer: Check the queue and results at startup ----
- Adjust tmux version in the tests to 2.8 (bcl(a)redhat.com) - New lorax
documentation - 28.21 (bcl(a)redhat.com) - lorax-composer: Install selinux-
policy-targeted in images (bcl(a)redhat.com) - Remove setfiles from
mkrootfsimage (bcl(a)redhat.com) - Remove SELinux Permissive checks
(bcl(a)redhat.com) - Add --no-system-repos to lorax-composer (bcl(a)redhat.com)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 17 2018 Brian C. Lane <bcl(a)redhat.com> 28.23-1
- lorax: Save information about rootfs filesystem size and usage (bcl(a)redhat.com)
- Turn on signed tags when using tito. (bcl(a)redhat.com)
- lorax-composer: Cancel running Anaconda process (bcl(a)redhat.com)
- Add cancel_func to virt and novirt_install functions (bcl(a)redhat.com)
- lorax-composer: Check for STATUS before deleting (bcl(a)redhat.com)
- Check for existing CANCEL request, and exit on FINISHED (bcl(a)redhat.com)
- Fix vhd images (vponcova(a)redhat.com)
* Thu Dec 6 2018 Brian C. Lane <bcl(a)redhat.com> 28.22-1
- lorax-composer: Handle packages with multiple builds (bcl(a)redhat.com)
- lorax-composer: Check the queue and results at startup (bcl(a)redhat.com)
* Thu Nov 29 2018 Brian C. Lane <bcl(a)redhat.com> 28.21-1
- Adjust tmux version in the tests to 2.8 (bcl(a)redhat.com)
- New lorax documentation - 28.21 (bcl(a)redhat.com)
- lorax-composer: Install selinux-policy-targeted in images (bcl(a)redhat.com)
- Remove setfiles from mkrootfsimage (bcl(a)redhat.com)
- Remove SELinux Permissive checks (bcl(a)redhat.com)
- Add --no-system-repos to lorax-composer (bcl(a)redhat.com)
* Mon Oct 29 2018 Brian C. Lane <bcl(a)redhat.com> 28.20-1
- New lorax documentation - 28.20 (bcl(a)redhat.com)
- Build manpages for composer-cli and lorax-composer (bcl(a)redhat.com)
- Add tests for ltmpl.py (bcl(a)redhat.com)
- Move get_dnf_base_object into a module (bcl(a)redhat.com)
- lorax: Fix dnf problems with selecting highest NEVRA from multiple repos
(bcl(a)redhat.com)
--------------------------------------------------------------------------------
================================================================================
mosquitto-1.5.5-1.fc28 (FEDORA-2018-5acdf115df)
An Open Source MQTT v3.1/v3.1.1 Broker
--------------------------------------------------------------------------------
Update Information:
Update to new upstream version 1.5.5 (rhbz#1660413, rhbz#1660414)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 18 2018 Fabian Affolter <mail(a)fabian-affolter.ch> - 1.5.5-1
- Update to new upstream version 1.5.5 (rhbz#1660413, rhbz#1660414)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1660413 - CVE-2018-20145 mosquitto: Possible ACL bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1660413
--------------------------------------------------------------------------------
================================================================================
perl-Schedule-Cron-1.01-1.fc28 (FEDORA-2018-4da7e24c1e)
Provides a simple but complete cron like scheduler
--------------------------------------------------------------------------------
Update Information:
Initial specfile
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1658851 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1658851
--------------------------------------------------------------------------------
================================================================================
phan-1.1.8-1.fc28 (FEDORA-2018-999020a8d6)
A static analyzer for PHP
--------------------------------------------------------------------------------
Update Information:
15 Dec 2018, **Phan 1.1.8** ----------------------- **New features
(Analysis):** + Infer more accurate types for return values/expected arguments
of methods of template classes. + Support template types in magic methods and
properties. (#776, related to #497) + Emit `PhanUndeclaredMagicConstant` when
using a magic constant in a scope that doesn't make sense. Infer more accurate
literal strings for some magic constants. **Bug fixes:** + Fix a crash when an
empty scalar value was passed to a function with variadic arguments (#2232)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 16 2018 Remi Collet <remi(a)remirepo.net> - 1.1.8-1
- update to 1.1.8
--------------------------------------------------------------------------------
================================================================================
php-bartlett-php-compatinfo-db-1.39.0-1.fc28 (FEDORA-2018-b410437d94)
Reference Database to be used with php-compatinfo library
--------------------------------------------------------------------------------
Update Information:
**Version 1.39.0** - 2018-12-16 **Added** - Support to PHP 7.2.13 - Support to
PHP 7.1.25 - Support to PHP 7.0.33 - Support to PHP 5.6.39 **Changed** - APCu
reference updated to version 5.1.5 (stable) - Redis reference updated to version
4.2.0 (stable) - Yaml reference updated to version 1.3.2 (stable)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 18 2018 Remi Collet <remi(a)remirepo.net> - 1.39.0-1
- update to 1.39.0
--------------------------------------------------------------------------------
================================================================================
php-phpseclib-2.0.13-1.fc28 (FEDORA-2018-221c3dc811)
PHP Secure Communications Library
--------------------------------------------------------------------------------
Update Information:
**Version 2.0.13** * SSH2: fix order of user_error() / bitmap reset (#1314)
* SSH2: setTimeout(0) didn't work as intended (#1116) * Agent: add support
for rsa-sha2-256 / rsa-sha2-512 (#1319) * Agent: add parameter to constructor
(#1319) * X509: fix errors with validateDate (#1318)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 18 2018 Remi Collet <remi(a)remirepo.net> - 2.0.13-1
- update to 2.0.13
--------------------------------------------------------------------------------
================================================================================
php-twig-1.36.0-1.fc28 (FEDORA-2018-e725a0d2a2)
The flexible, fast, and secure template engine for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.36.0** (2018-12-16) * made sure twig_include returns a string *
fixed multi-byte UFT-8 in escape('html_attr') * added the "deprecated"
tag *
added support for dynamically named tests * fixed GlobalsInterface extended
class * fixed filesystem loader throwing an exception instead of returning
false
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 18 2018 Remi Collet <remi(a)remirepo.net> - 1.36.0-1
- update to 1.36.0
--------------------------------------------------------------------------------
================================================================================
php-twig2-2.6.0-1.fc28 (FEDORA-2018-d983e4b35e)
The flexible, fast, and secure template engine for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 2.6.0** (2018-12-16) * made sure twig_include returns a string *
fixed multi-byte UFT-8 in escape('html_attr') * added the "deprecated"
tag *
added support for dynamically named tests * fixed GlobalsInterface extended
class * fixed filesystem loader throwing an exception instead of returning
false
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 18 2018 Remi Collet <remi(a)remirepo.net> - 2.6.0-1
- update to 2.6.0
- add dependency on symfony/polyfill-mbstring 1.3
--------------------------------------------------------------------------------
================================================================================
python-lxml-4.2.5-1.fc28 (FEDORA-2018-67e98d4b7a)
XML processing library combining libxml2/libxslt with the ElementTree API
--------------------------------------------------------------------------------
Update Information:
Update to 4.2.5
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 18 2018 Igor Gnatenko <ignatenkobrain(a)fedoraproject.org> - 4.2.5-1
- Update to 4.2.5
* Sun Sep 2 2018 Igor Gnatenko <ignatenkobrain(a)fedoraproject.org> - 4.2.4-1
- Update to 4.2.4
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.2.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Sat Jul 7 2018 Igor Gnatenko <ignatenkobrain(a)fedoraproject.org> - 4.2.3-1
- Update to 4.2.3
* Sun Jun 17 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 4.2.1-2
- Rebuilt for Python 3.7
* Wed Apr 25 2018 Igor Gnatenko <ignatenkobrain(a)fedoraproject.org> - 4.2.1-1
- Update to 4.2.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1660236 - CVE-2018-19787 python-lxml: XSS in lxml.html.clean module in
lxml/html/clean.py [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1660236
--------------------------------------------------------------------------------
================================================================================
python-regex-2018.11.22-1.fc28 (FEDORA-2018-2468f3f1da)
Alternative regular expression module, to replace re
--------------------------------------------------------------------------------
Update Information:
Update to the latest released version.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 18 2018 Thomas Moschny <thomas.moschny(a)gmx.de> - 2018.11.22-1
- Update to 2018.11.22.
--------------------------------------------------------------------------------
================================================================================
rclone-1.45-1.fc28 (FEDORA-2018-ecc24b13dc)
Rsync for cloud storage
--------------------------------------------------------------------------------
Update Information:
Update to version 1.45
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 18 2018 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 1.45-1
- Update to version 1.45
--------------------------------------------------------------------------------
================================================================================
snapd-2.36.3-1.fc28 (FEDORA-2018-b66c5e0d53)
A transactional software package manager
--------------------------------------------------------------------------------
Update Information:
Update to 2.36.3
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 18 2018 Neal Gompa <ngompa13(a)gmail.com> - 2.36.3-1
- Release 2.36.3 to Fedora
- Remove merged patch
* Fri Dec 14 2018 Michael Vogt <mvo(a)ubuntu.com>
- New upstream release 2.36.3
- wrappers: use new systemd.IsActive in core18 early boot
- httputil: retry on temporary net errors
- wrappers: only restart service in core18 when they are active
- systemd: start snapd.autoimport.service in --no-block mode
- data/selinux: fix syntax error in definition of snappy_admin
interfacewhen installing selinux-policy-devel package.
- centos: enable SELinux support on CentOS 7
- cmd, dirs, interfaces/apparmor: update distro identification to
support ID="archlinux"
- apparmor: allow hard link to snap-specific semaphore files
- overlord,apparmor: new syskey behaviour + non-ignored snap-confine
profile errors
- snap: add new `snap run --trace-exec` call
- interfaces/backends: detect too old apparmor_parser
* Thu Nov 29 2018 Michael Vogt <mvo(a)ubuntu.com>
- New upstream release 2.36.2
- daemon, vendor: bump
github.com/coreos/go-systemd/activation,
handle API changes
- snapstate: update fontconfig caches on install
- overlord,daemon: mock security backends for testing
- sanity, spread, tests: add CentOS
- Revert "cmd/snap, tests/main/snap-info: highlight the current
channel"
- cmd/snap: add nanosleep to blacklisted syscalls when running with
--strace
- tests: add regression test for LP: #1803535
- snap-update-ns: fix trailing slash bug on trespassing error
- interfaces/builtin/opengl: allow reading /etc/OpenCL/vendors
- cmd/snap-confine: nvidia: pick up libnvidia-opencl.so
- interfaces/opengl: add additional accesses for cuda
* Wed Nov 21 2018 Neal Gompa <ngompa13(a)gmail.com> - 2.36-4
- Fix backport patch
* Wed Nov 21 2018 Neal Gompa <ngompa13(a)gmail.com> - 2.36-3
- Backport fixes for EL7 support
* Wed Nov 14 2018 Neal Gompa <ngompa13(a)gmail.com> - 2.36-2
- Fix runtime dependency for selinux subpackage for EL7
* Fri Nov 9 2018 Michael Vogt <mvo(a)ubuntu.com>
- New upstream release 2.36.1
- tests,snap-confine: add core18 only hooks test and fix running
core18 only hooks on classic
- interfaces/apparmor: allow access to
/run/snap.$SNAP_INSTANCE_NAME
- spread.yaml: add more systems to the autopkgtest and qemu backends
- daemon: spool sideloaded snap into blob dir
- wrappers: fix generating of service units with multiple `before`
dependencies
- data: run snapd.autoimport.service only after seeding
- tests,store,daemon: ensure proxy settings are honored in
auth/userinfo too
- packaging/fedora: Merge changes from Fedora Dist-Git
- tests/lib: adjust to changed systemctl behaviour on debian-9
- tests/main/interfces-accounts-service: switch to busctl, more
debugging
- store: also make snaps downloaded via deltas 0600
- cmd/snap-exec: don't fail on some try mode snaps
- cmd/snap, userd, testutil: tweak DBus tests to use private session
bus connection
- tests/main: fixes for the new shellcheck
- cmd/snap-confine: remove stale mount profile along stale namespace
- data/apt: close stderr when calling snap in the apt install hook
--------------------------------------------------------------------------------
================================================================================
sqlite-3.22.0-5.fc28 (FEDORA-2018-5f91fbf4fd)
Library that implements an embeddable SQL database engine
--------------------------------------------------------------------------------
Update Information:
Security fix for fts3/4 corrupt database exploit
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 17 2018 Petr Kubat <pkubat(a)redhat.com> - 3.22.0-5
- Fixed fts3/4 corrupt database exploit (#1659677)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1659379 - sqlite: Multiple flaws in sqlite which can be triggered via
corrupted internal databases (Magellan)
https://bugzilla.redhat.com/show_bug.cgi?id=1659379
--------------------------------------------------------------------------------
================================================================================
tinc-1.0.35-1.fc28 (FEDORA-2018-31c2a0b2ea)
A virtual private network daemon
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2018-16737, CVE-2018-16738, CVE-2018-16758
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 18 2018 Fabian Affolter <mail(a)fabian-affolter.ch> - 1.0.35-1
- Fix for CVE-2018-16737, CVE-2018-16738 and CVE-2018-16758
- Update to new upstream version 1.0.35
* Fri Oct 26 2018 Fabian Affolter <mail(a)fabian-affolter.ch> - 1.0.34-1
- Update to new upstream version 1.0.34
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.33-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Mar 8 2018 Fabian Affolter <mail(a)fabian-affolter.ch> - 1.0.33-3
- Fix BR
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1637483 - CVE-2018-16737 CVE-2018-16738 CVE-2018-16758 tinc: Multiple issues
fixed in the 1.0.35 release [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1637483
[ 2 ] Bug #1637482 - CVE-2018-16737 CVE-2018-16738 CVE-2018-16758 tinc: Multiple issues
fixed in the 1.0.35 release [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1637482
--------------------------------------------------------------------------------
================================================================================
valgrind-3.14.0-7.fc28 (FEDORA-2018-725d146d26)
Tool for finding memory management bugs in programs
--------------------------------------------------------------------------------
Update Information:
Fixes for power strcmp inlining. s390x z13 support. Arm64 fixes for ptrace and
crypto/openssl support. Support AVX optimized wcsncmp.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 14 2018 Mark Wielaard <mjw(a)fedoraproject.org> - 3.14.0-7
- Add valgrind-3.14.0-arm64-ptrace-traceme.patch
- Add valgrind-3.14.0-mc_translate-vecret.patch
* Wed Dec 12 2018 Mark Wielaard <mjw(a)fedoraproject.org> - 3.14.0-6
- Add valgrind-3.14.0-final_tidyup.patch
- Add valgrind-3.14.0-ppc64-ldbrx.patch
- Add valgrind-3.14.0-ppc64-unaligned-words.patch
- Add valgrind-3.14.0-ppc64-lxvd2x.patch
- Add valgrind-3.14.0-ppc64-unaligned-vecs.patch
- Add valgrind-3.14.0-ppc64-lxvb16x.patch
- Add valgrind-3.14.0-set_AV_CR6.patch
- Add valgrind-3.14.0-undef_malloc_args.patch
- Add valgrind-3.14.0-jm-vmx-constraints.patch
- Add valgrind-3.14.0-sigkill.patch
- Add valgrind-3.14.0-ppc64-ptrace.patch
* Sat Dec 1 2018 Mark Wielaard <mjw(a)fedoraproject.org> - 3.14.0-5
- Add valgrind-3.14.0-wcsncmp.patch (#1645971)
- Replace valgrind-3.14.0-s390x-vec-float-point-{code,test}.patch
with upstream versions.
* Fri Nov 23 2018 Mark Wielaard <mjw(a)fedoraproject.org> - 3.14.0-4
- Add valgrind-3.14.0-get_otrack_shadow_offset_wrk-ppc.patch,
valgrind-3.14.0-new-strlen-IROps.patch,
valgrind-3.14.0-ppc-instr-new-IROps.patch,
valgrind-3.14.0-memcheck-new-IROps.patch,
valgrind-3.14.0-ppc-frontend-new-IROps.patch,
valgrind-3.14.0-transform-popcount64-ctznat64.patch and
valgrind-3.14.0-enable-ppc-Iop_Sar_Shr8.patch (#1652926)
* Wed Nov 21 2018 Mark Wielaard <mjw(a)fedoraproject.org> - 3.14.0-3
- Add valgrind-3.14.0-s390z-more-z13-fixes.patch.
* Tue Nov 20 2018 Mark Wielaard <mjw(a)fedoraproject.org> - 3.14.0-2
- Add valgrind-3.14.0-s390x-fix-reg-alloc-vr-vs-fpr.patch.
- Add valgrind-3.14.0-s390x-sign-extend-lochi.patch.
- Add valgrind-3.14.0-s390x-vec-reg-vgdb.patch.
- Add valgrind-3.14.0-s390x-vec-float-point-code.patch
and valgrind-3.14.0-s390x-vec-float-point-tests.patch
- Disable full regtests on fedora everywhere.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1652926 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1652926
[ 2 ] Bug #1645971 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1645971
--------------------------------------------------------------------------------