The following Fedora 29 Security updates need testing:
Age URL
55
https://bodhi.fedoraproject.org/updates/FEDORA-2019-49f80a78bc
mingw-sqlite-3.26.0.0-1.fc29
35
https://bodhi.fedoraproject.org/updates/FEDORA-2019-fa5843e0e1
asterisk-16.2.1-1.fc29
30
https://bodhi.fedoraproject.org/updates/FEDORA-2019-4d83e78ad8
libu2f-host-1.1.8-1.fc29
22
https://bodhi.fedoraproject.org/updates/FEDORA-2019-c84f291592
WALinuxAgent-2.2.38-1.fc29
16
https://bodhi.fedoraproject.org/updates/FEDORA-2019-7528388823
chicken-5.0.0-2.fc29
8
https://bodhi.fedoraproject.org/updates/FEDORA-2019-fa61af95b3
aria2-1.34.0-4.fc29
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-d05bc7e3df
golang-1.11.6-1.fc29
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-9e67979b2a
python-notebook-5.7.8-1.fc29
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-e4405b4c9f
checkstyle-8.0-4.1.fc29
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-b3bfc61567
libvirt-4.7.0-2.fc29
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-da36d5d484 php-7.2.17-1.fc29
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-36ce1cb623
nodejs-simple-markdown-0.4.4-1.fc29
1
https://bodhi.fedoraproject.org/updates/FEDORA-2019-be9add5b77
kernel-headers-5.0.6-200.fc29 kernel-tools-5.0.6-200.fc29 kernel-5.0.6-200.fc29
The following Fedora 29 Critical Path updates have yet to be approved:
Age URL
26
https://bodhi.fedoraproject.org/updates/FEDORA-2019-940d3922ce koji-1.17.0-5.fc29
24
https://bodhi.fedoraproject.org/updates/FEDORA-2019-5329292fc2
fedfind-4.2.2-1.fc29 python-productmd-1.20-1.fc29
22
https://bodhi.fedoraproject.org/updates/FEDORA-2019-96c964d319 sddm-0.18.0-4.fc29
16
https://bodhi.fedoraproject.org/updates/FEDORA-2019-f4b2308023
iproute-5.0.0-2.fc29
10
https://bodhi.fedoraproject.org/updates/FEDORA-2019-d04731547a
python3-3.7.3-1.fc29
10
https://bodhi.fedoraproject.org/updates/FEDORA-2019-412c8b4a63 pcre2-10.32-9.fc29
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-b3bfc61567
libvirt-4.7.0-2.fc29
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-bb2c136543
openjpeg2-2.3.1-1.fc29 mingw-openjpeg2-2.3.1-1.fc29
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-f9d5f00a26 quota-4.04-11.fc29
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-bb5f7ef22b
pungi-4.1.35-1.fc29
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-d67ec97b0b gtk3-3.24.1-3.fc29
1
https://bodhi.fedoraproject.org/updates/FEDORA-2019-be9add5b77
kernel-headers-5.0.6-200.fc29 kernel-tools-5.0.6-200.fc29 kernel-5.0.6-200.fc29
1
https://bodhi.fedoraproject.org/updates/FEDORA-2019-efa6b41d3f fuse-2.9.9-2.fc29
1
https://bodhi.fedoraproject.org/updates/FEDORA-2019-b4207428d3
e2fsprogs-1.44.6-1.fc29
The following builds have been pushed to Fedora 29 updates-testing
HepMC3-3.1.1-1.fc29
beakerlib-1.18-3.fc29
bird-1.6.6-1.fc29
checksec-1.11.1-1.fc29
container-selinux-2.95-1.gite3ebc68.fc29
dnf-4.2.2-2.fc29
golang-github-sethgrid-pester-1.0.0-2.fc29
hplip-3.18.12-9.fc29
ipv6calc-2.1.0-33.fc29
linux-firmware-20190312-94.fc29
memtest86+-5.01-25.fc29
neon-0.30.2-10.fc29
nfs-ganesha-2.7.3-1.fc29
octave-control-3.2.0-1.fc29
octave-signal-1.4.1-1.fc29
openssl-pkcs11-0.4.10-1.fc29
ovn-2.11.0-4.fc29
pcsc-lite-1.8.25-1.fc29
perl-DB_File-1.851-1.fc29
php-pecl-xdebug-2.7.1-1.fc29
phpunit8-8.1.0-1.fc29
python-twisted-18.9.0-1.fc29
rubygem-marc-1.0.3-1.fc29
rubygem-pkg-config-1.3.7-1.fc29
selinux-policy-3.14.2-53.fc29
smartmontools-7.0-5.fc29
snapd-2.38-2.fc29
snapd-glib-1.47-1.fc29
syncthing-1.1.1-1.fc29
wget-1.20.3-1.fc29
Details about builds:
================================================================================
HepMC3-3.1.1-1.fc29 (FEDORA-2019-59d6e31bba)
C++ Event Record for Monte Carlo Generators
--------------------------------------------------------------------------------
Update Information:
HepMC 3.1.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2019 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 3.1.1-1
- Update to version 3.1.1
- Drop patches accepted upstream or previously backported
- Fix warnings about misleading indentation
- Add missing space in installed cmake file
--------------------------------------------------------------------------------
================================================================================
beakerlib-1.18-3.fc29 (FEDORA-2019-440bd69cd9)
A shell-level integration testing library
--------------------------------------------------------------------------------
Update Information:
.. ---- rebase to beakerlib-1.18 - support for dnf/dnf download - support
direct systemctl call - netstat replaced by ss - ability to run without python
(no journal.xml) - better handling of reboots - better handling of persistent
data - final report polishing - better compatibility with old bash -
<prefix>LibraryDir variable pointing to the library directory for all imported
libraries - fallback to curl if wget is not available - updated documentation
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2019 Dalibor Pospisil <dapospis(a)redhat.com> - 1.18-3
- rebase to beakerlib-1.18
- support for dnf/dnf download
- support direct systemctl call
- netstat replaced by ss
- ability to run without python (no journal.xml)
- better handling of reboots
- better handling of persistent data
- final report polishing
- better compatibility with old bash
- <prefix>LibraryDir variable pointing to the library directory for all imported
libraries
- fallback to curl if wget is not available
- updated documentation
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.17-20
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
bird-1.6.6-1.fc29 (FEDORA-2019-d0329ab519)
BIRD Internet Routing Daemon
--------------------------------------------------------------------------------
Update Information:
Update of bird to upstream version 1.6.6
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 30 2019 Robert Scheck <robert(a)fedoraproject.org> - 1.6.6-1
- Upgrade to 1.6.6
* Fri Jan 18 2019 Robert Scheck <robert(a)fedoraproject.org> - 1.6.5-1
- Upgrade to 1.6.5
- Modernization and cleanup of spec file
- Ensure /etc/bird.conf can be only read by BIRD user
--------------------------------------------------------------------------------
================================================================================
checksec-1.11.1-1.fc29 (FEDORA-2019-67b85d779a)
Tool to check system for binary-hardening
--------------------------------------------------------------------------------
Update Information:
Update to 1.11.1: - Section of man-page was moved to man1 - Add patch to fix
shebang - Add patch to disable --update command - Remove patch applied in
upstream tarball - De-tabbify spec file - Remove obsolete Group tag
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2019 Bj��rn Esser <besser82(a)fedoraproject.org> - 1.11.1-1
- Update to 1.11.1 (BZ#1693841)
- Section of man-page was moved to man1
- Add patch to disable --update command
- Add patch to fix shebang
- De-tabbify spec file
* Thu Jan 31 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.8.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1611199 - Man page scan results for checksec
https://bugzilla.redhat.com/show_bug.cgi?id=1611199
[ 2 ] Bug #1693841 - checksec-1.11.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1693841
--------------------------------------------------------------------------------
================================================================================
container-selinux-2.95-1.gite3ebc68.fc29 (FEDORA-2019-9e36ddd5a5)
SELinux policies for container runtimes
--------------------------------------------------------------------------------
Update Information:
More allow rules for fusefs sockets and pipes.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 1 2019 Dan Walsh <dwalsh(a)fedoraproject.org> - 2.95-1
- Allow containers to create fusefs sockets and named pipes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1693465 - mkfifo is blocked
https://bugzilla.redhat.com/show_bug.cgi?id=1693465
[ 2 ] Bug #1672891 - Many many AVCs from rootless podman on a system with unconfined
disabled
https://bugzilla.redhat.com/show_bug.cgi?id=1672891
--------------------------------------------------------------------------------
================================================================================
dnf-4.2.2-2.fc29 (FEDORA-2019-157a96961d)
Package manager
--------------------------------------------------------------------------------
Update Information:
Add patch fixing the installation of completion_helper.py
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 4 2019 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 4.2.2-2
- Add patch fixing the installation of completion_helper.py
- Fix #1695853
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1695853 - Bash autocomplete for "dnf" is broken in F30 (beta)
https://bugzilla.redhat.com/show_bug.cgi?id=1695853
--------------------------------------------------------------------------------
================================================================================
golang-github-sethgrid-pester-1.0.0-2.fc29 (FEDORA-2019-15ce94391e)
Go http calls with retries and backoff
--------------------------------------------------------------------------------
Update Information:
Release 1.0.0 (#1695253)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2019 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 1.0.0-2
- Release 1.0.0 (#1695253)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1695253 - golang-github-sethgrid-pester-1.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1695253
--------------------------------------------------------------------------------
================================================================================
hplip-3.18.12-9.fc29 (FEDORA-2019-1c52d4180d)
HP Linux Imaging and Printing Project
--------------------------------------------------------------------------------
Update Information:
1695716 - hpcups crashes in Compressor destructor ---- 1694663 - Cannot scan
with M281fdw LaserJet - failed: Error during device I/O ---- 1694569 - hp-
uiscan does not have interactive mode
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 4 2019 Zdenek Dohnal <zdohnal(a)redhat.com> - 3.18.12-9
- 1695716 - hpcups crashes in Compressor destructor
* Mon Apr 1 2019 Zdenek Dohnal <zdohnal(a)redhat.com> - 3.18.12-8
- 1694663 - Cannot scan with M281fdw LaserJet - failed: Error during device I/O
* Mon Apr 1 2019 Zdenek Dohnal <zdohnal(a)redhat.com> - 3.18.12-7
- 1694569 - hp-uiscan does not have interactive mode
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1695716 - hpcups crashes in Compressor destructor
https://bugzilla.redhat.com/show_bug.cgi?id=1695716
[ 2 ] Bug #1694663 - Cannot scan with M281fdw LaserJet - failed: Error during device
I/O
https://bugzilla.redhat.com/show_bug.cgi?id=1694663
[ 3 ] Bug #1694569 - [abrt] hplip-gui: module(): hp-uiscan:54:<module>:TypeError:
cannot unpack non-iterable NoneType object
https://bugzilla.redhat.com/show_bug.cgi?id=1694569
--------------------------------------------------------------------------------
================================================================================
ipv6calc-2.1.0-33.fc29 (FEDORA-2019-183484185b)
IPv6 address format change and calculation utility
--------------------------------------------------------------------------------
Update Information:
new release 2.1.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2019 Peter Bieringer <pb(a)bieringer.de> - 2.1.0-33
- new release 2.1.0
--------------------------------------------------------------------------------
================================================================================
linux-firmware-20190312-94.fc29 (FEDORA-2019-372cdbf86a)
Firmware files used by the Linux kernel
--------------------------------------------------------------------------------
Update Information:
* Update to upstream 20190312 release * amgpug, rtl, AMD SEV, and other various
updates
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 13 2019 Josh Boyer <jwboyer(a)fedoraproject.org> 20190312-94
- Update to upstream 20190312 release
- amgpug, rtl, AMD SEV, and other various updates
--------------------------------------------------------------------------------
================================================================================
memtest86+-5.01-25.fc29 (FEDORA-2019-b0a398a6c1)
Stand-alone memory tester for x86 and x86-64 computers
--------------------------------------------------------------------------------
Update Information:
This is an update fixing serial console.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2019 Jaroslav ��karvada <jskarvad(a)redhat.com> - 5.01-25
- Fixed serial console
--------------------------------------------------------------------------------
================================================================================
neon-0.30.2-10.fc29 (FEDORA-2019-97a6a78861)
An HTTP and WebDAV client library
--------------------------------------------------------------------------------
Update Information:
This update fixes compatibility issues with **OpenSSL 1.1** and `TLSv1.3`.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2019 Joe Orton <jorton(a)redhat.com> - 0.30.2-10
- updates for OpenSSL 1.1 (#1675444)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1675444 - neon: FTBFS in Fedora rawhide/f30
https://bugzilla.redhat.com/show_bug.cgi?id=1675444
--------------------------------------------------------------------------------
================================================================================
nfs-ganesha-2.7.3-1.fc29 (FEDORA-2019-27ae617e9b)
NFS-Ganesha is a NFS Server running in user space
--------------------------------------------------------------------------------
Update Information:
nfs-ganesha 2.7.3 GA
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2019 Kaleb S. KEITHLEY <kkeithle at redhat.com> - 2.7.3-1
- nfs-ganesha 2.7.3 GA
--------------------------------------------------------------------------------
================================================================================
octave-control-3.2.0-1.fc29 (FEDORA-2019-fdbf1b351c)
Computer-Aided Control System Design (CACSD) Tools for Octave
--------------------------------------------------------------------------------
Update Information:
- update to 3.2.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2019 Thomas Sailer <t.sailer(a)alumni.ethz.ch> - 3.2.0-1
- update to 3.2.0
--------------------------------------------------------------------------------
================================================================================
octave-signal-1.4.1-1.fc29 (FEDORA-2019-d8b9a92412)
Signal processing tools for Octave
--------------------------------------------------------------------------------
Update Information:
- update to 1.4.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2019 Thomas Sailer <t.sailer(a)alumni.ethz.ch> - 1.4.1-1
- update to 1.4.1
--------------------------------------------------------------------------------
================================================================================
openssl-pkcs11-0.4.10-1.fc29 (FEDORA-2019-9fa810af42)
A PKCS#11 engine for use with OpenSSL
--------------------------------------------------------------------------------
Update Information:
Update to 0.4.10
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2019 Anderson Sasaki <ansasaki(a)redhat.com> - 0.4.10-1
- Added BuildRequires for openssl >= 1.0.2
* Thu Apr 4 2019 Anderson Sasaki <ansasaki(a)redhat.com> - 0.4.10-1
- Update to upstream version 0.4.10
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1695895 - openssl-pkcs11-0.4.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1695895
--------------------------------------------------------------------------------
================================================================================
ovn-2.11.0-4.fc29 (FEDORA-2019-aebe44e6a2)
Open Virtual Network support
--------------------------------------------------------------------------------
Update Information:
Provide new OVN packages splitting from openvswitch for fedora
--------------------------------------------------------------------------------
================================================================================
pcsc-lite-1.8.25-1.fc29 (FEDORA-2019-c308ad8ee5)
PC/SC Lite smart card framework and applications
--------------------------------------------------------------------------------
Update Information:
New upstream release including the security fix and enabling autostart of the
service upon install
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2019 Jakub Jelen <jjelen(a)redhat.com> - 1.8.25-1
- New upstream release (#1692559)
- Fix memory leak in SCardEstablishContextTH() (#1684674)
- Enable socket activation after installation (#1545027)
* Fri Feb 1 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.8.24-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1692559 - pcsc-lite-1.8.25 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1692559
[ 2 ] Bug #1684674 - pcsc-lite: Memory leak in SCardEstablishContextTH() function in
winscard_clnt.c [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1684674
[ 3 ] Bug #1545027 - pcsc-lite: enable socket activation after package installation
https://bugzilla.redhat.com/show_bug.cgi?id=1545027
--------------------------------------------------------------------------------
================================================================================
perl-DB_File-1.851-1.fc29 (FEDORA-2019-1941ff315d)
Perl5 access to Berkeley DB version 1.x
--------------------------------------------------------------------------------
Update Information:
This release improves testing. We deliver it only to provide an up-to-date
version string. ---- This release updates tests, a documentation, and a build
script.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2019 Petr Pisar <ppisar(a)redhat.com> - 1.851-1
- 1.851 bump
* Wed Apr 3 2019 Petr Pisar <ppisar(a)redhat.com> - 1.850-1
- 1.850 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1696450 - perl-DB_File-1.851 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1696450
[ 2 ] Bug #1694342 - perl-DB_File-1.850 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1694342
--------------------------------------------------------------------------------
================================================================================
php-pecl-xdebug-2.7.1-1.fc29 (FEDORA-2019-2dada34628)
PECL package for debugging PHP scripts
--------------------------------------------------------------------------------
Update Information:
Fri, Apr 5, 2019 - **xdebug 2.7.1** **Fixed bugs:** - Fixed issue #1646:
Missing newline in error message - Fixed issue #1647: Memory corruption when a
conditional breakpoint is used - Fixed issue #1641: Perfomance degradation with
getpid syscall (Kees Hoekzema) ---- Wed, Mar 6, 2019 - **xdebug 2.7.0**
**Fixed bugs:** - Fixed issue #1520: Xdebug does not handle variables and
properties with "-" in their name - Fixed issue #1577: Code coverage path
analysis with chained catch fails in PHP 7.3 - Fixed issue #1639: Compile
warning/error on GCC 8 or Clang due to "break intentionally missing" - Fixed
issue #1642: Debugger gives: "Warning: Header may not contain NUL bytes" ----
Fri, Feb 15, 2019 - **xdebug 2.7.0RC2** **Fixed bugs:** - Fixed issue #1551:
Property with value null is not represented well - Fixed issue #1621: Xdebug
fails to compile cleanly on 32-bit platforms - Fixed issue #1625: Work around
ABI conflicts in PHP 7.3.0/PHP 7.3.1 - Fixed issue #1628: The PHP function name
being constructed to record when GC Collection runs, is not freed - Fixed issue
#1629: SOAP Client/Server detection code does not handle inherited classes ----
Fri, Feb 1, 2019 - **xdebug 2.7.0RC1** **Fixed bugs:** - Fixed issue #1571:
File/line information is not shown for closures in namespaces. - Fixed issue
#1578: Compile error due to redefinition of "zif_handler" with old GCCs. -
Fixed
issue #1583: Xdebug crashes when OPcache's compact literals optimisation is on.
- Fixed issue #1598: Make path/branch coverage work with OPcache loaded for PHP
7.3 and later. - Fixed issue #1620: Division by zero when GC Stats Collection
runs with memory manager disabled. ---- Thu, Sep 20, 2018 - **xdebug
2.7.0beta1** **Improvements:** - Fixed issue #1519: PHP 7.3 support
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2019 Remi Collet <remi(a)remirepo.net> - 2.7.1-1
- update to 2.7.1
- add link to documentation in description and configuration file
--------------------------------------------------------------------------------
================================================================================
phpunit8-8.1.0-1.fc29 (FEDORA-2019-77979ee1f7)
The PHP Unit Testing framework version 8
--------------------------------------------------------------------------------
Update Information:
**Version 8.1.0** - 2019-04-05 **Added** * Implemented
[#3528](https://github.com/sebastianbergmann/phpunit/pull/3528): Option to
disable TestDox progress animation * Implemented
[#3556](https://github.com/sebastianbergmann/phpunit/issues/3556): Configure
TestDox result printer via configuration file * Implemented
[#3558](https://github.com/sebastianbergmann/phpunit/issues/3558):
`TestCase::getDependencyInput()` * Information on test groups in the TestDox XML
report is now reported in `group` elements that are child nodes of `test` *
Information from `@covers` and `@uses` annotations is now reported in TestDox
XML * Information on test doubles used in a test is now reported in TestDox XML
**Changed** * The `groups` attribute on the `test` element in the TestDox XML
report is now deprecated
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2019 Remi Collet <remi(a)remirepo.net> - 8.1.0-1
- update to 8.1.0
--------------------------------------------------------------------------------
================================================================================
python-twisted-18.9.0-1.fc29 (FEDORA-2019-118df89857)
Twisted is a networking engine written in Python
--------------------------------------------------------------------------------
Update Information:
Release 18.9.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 7 2019 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 18.9.0-1
- Release 18.9.0
- Run tests
--------------------------------------------------------------------------------
================================================================================
rubygem-marc-1.0.3-1.fc29 (FEDORA-2019-3db24c9dff)
Ruby library for MARC catalog
--------------------------------------------------------------------------------
Update Information:
New version 1.0.3 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2019 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 1.0.3-1
- 1.0.3
* Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.2-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sun Nov 18 2018 Zbigniew J��drzejewski-Szmek <zbyszek(a)in.waw.pl> - 1.0.2-4
- Use C.UTF-8 locale
See
https://fedoraproject.org/wiki/Changes/Remove_glibc-langpacks-all_from_bu...
--------------------------------------------------------------------------------
================================================================================
rubygem-pkg-config-1.3.7-1.fc29 (FEDORA-2019-5403aad9f9)
A pkg-config implementation by Ruby
--------------------------------------------------------------------------------
Update Information:
New version 1.3.7 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2019 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 1.3.7-1
- 1.3.7
--------------------------------------------------------------------------------
================================================================================
selinux-policy-3.14.2-53.fc29 (FEDORA-2019-bf377d92c7)
SELinux policy configuration
--------------------------------------------------------------------------------
Update Information:
More info:
https://koji.fedoraproject.org/koji/buildinfo?buildID=1241873
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 3 2019 Lukas Vrabec <lvrabec(a)redhat.com> - 3.14.2-53
- Add gnome_filetrans_fontconfig_home_content interface
- Add permissions needed by systemd's machinectl shell/login
- Update SELinux policy for xen services
- Fix varnisncsa typo
- Allow init start freenx-server BZ(1678025)
- Allow tcpd bind to services ports BZ(1676940)
- Add tcpd_wrapped_domain for telnetd BZ(1676940)
- Update mysql_filetrans_named_content() to allow cluster to create mysql dirs in /var/run
with proper label mysqld_var_run_t
- Make shell_exec_t type as entrypoint for vmtools_unconfined_t.
- Allow esmtp access .esmtprc BZ(1691149)
- Allow virtlogd_t domain to create virt_etc_rw_t files in virt_etc_t
- Allow tlp_t domain to read nvme block devices BZ(1692154)
- Add permissions needed by systemd's machinectl shell/login
- Allow systemd_machined_t dac_override capability BZ(1670787)
- Allow unconfined_domain_type to use bpf tools BZ(1694115)
- Update dev_filetrans_all_named_dev() interface
- Allow getty_t, local_login_t, chkpwd_t and passwd_t to use usbttys. BZ(1691582)
- Allow xdm_t domain to create own tmp files BZ(1686675)
* Sat Mar 23 2019 Lukas Vrabec <lvrabec(a)redhat.com> - 3.14.2-52
- Allow boltd_t domain to write to sysfs_t dirs BZ(1689287)
- Allow fail2ban execute journalctl BZ(1689034)
- Update xen SELinux module
- Improve labeling for PCP plugins
- Allow varnishd_t domain to read sysfs_t files
- Update sudodomains to make working confined users run sudo/su
- Allow iptables_t domain to read NetworkManager state BZ(1690881)
- Label /dev/xen/hypercall and /dev/xen/xenbus_backend as xen_device_t Resolves:
rhbz#1679293
- Grant permissions for onloadfs files of all classes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1654773 - can't install a ganesha policy due to conflicts with gluster
policy
https://bugzilla.redhat.com/show_bug.cgi?id=1654773
[ 2 ] Bug #1694115 - SELinux is preventing systemd from 'map_create' accesses on
the bpf labeled unconfined_service_t.
https://bugzilla.redhat.com/show_bug.cgi?id=1694115
[ 3 ] Bug #1691582 - SELinux is preventing agetty from access on ttyUSB0.
https://bugzilla.redhat.com/show_bug.cgi?id=1691582
[ 4 ] Bug #1692154 - SELinux is preventing tlp from 'getattr' accesses on the
blk_file /dev/nvme0n1.
https://bugzilla.redhat.com/show_bug.cgi?id=1692154
[ 5 ] Bug #1679293 - [selinux-policy-targeted] xenconsoled.service: Failed with result
'exit-code'
https://bugzilla.redhat.com/show_bug.cgi?id=1679293
[ 6 ] Bug #1657005 - SELinux is preventing x86_energy_perf from 'read' accesses
on the chr_file msr.
https://bugzilla.redhat.com/show_bug.cgi?id=1657005
[ 7 ] Bug #1690766 - SELinux is preventing /usr/bin/vmtoolsd from 'entrypoint'
accesses on the file /usr/bin/bash.
https://bugzilla.redhat.com/show_bug.cgi?id=1690766
[ 8 ] Bug #1690444 - Add policy for cockpit-cert-session
https://bugzilla.redhat.com/show_bug.cgi?id=1690444
[ 9 ] Bug #1689287 - SELinux is preventing boltd from 'write' accesses on the
directory domain0.
https://bugzilla.redhat.com/show_bug.cgi?id=1689287
[ 10 ] Bug #1657780 - SELinux is preventing /usr/lib/systemd/systemd-journald from using
the 'dac_override' capabilities.
https://bugzilla.redhat.com/show_bug.cgi?id=1657780
[ 11 ] Bug #1694968 - xenstored runs as unconfined_service_t even if the program is
confined
https://bugzilla.redhat.com/show_bug.cgi?id=1694968
[ 12 ] Bug #1663620 - SELinux is preventing systemd-getty-g from read, write access on
the chr_file ttyUSB0.
https://bugzilla.redhat.com/show_bug.cgi?id=1663620
[ 13 ] Bug #1691149 - SELinux is preventing esmtp from 'read' accesses on the
file .esmtprc.
https://bugzilla.redhat.com/show_bug.cgi?id=1691149
[ 14 ] Bug #1631033 - Silverblue 29 /etc/libvirt has wrong selinux label
https://bugzilla.redhat.com/show_bug.cgi?id=1631033
[ 15 ] Bug #1257990 - systemctl shell: failed to get shell pty
https://bugzilla.redhat.com/show_bug.cgi?id=1257990
[ 16 ] Bug #1645837 - SELinux is preventing systemd-logind from 'open' accesses
on the blk_file /dev/sda1.
https://bugzilla.redhat.com/show_bug.cgi?id=1645837
[ 17 ] Bug #1689034 - Allow fail2ban to call journalctl
https://bugzilla.redhat.com/show_bug.cgi?id=1689034
--------------------------------------------------------------------------------
================================================================================
smartmontools-7.0-5.fc29 (FEDORA-2019-a9883f49eb)
Tools for monitoring SMART capable hard disks
--------------------------------------------------------------------------------
Update Information:
update smartmontools to 7.0
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 3 2019 Michal Hlavinka <mhlavink(a)redhat.com> - 1:7.0-5
- revert smartd_warning related changes
* Sat Feb 2 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:7.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Thu Jan 3 2019 Michal Hlavinka <mhlavink(a)redhat.com> - 1:7.0-3
- update default config
* Thu Jan 3 2019 Michal Hlavinka <mhlavink(a)redhat.com> - 1:7.0-2
- use smartd_warning plugin to notify users (bug #1647534)
- spec cleanup
* Thu Jan 3 2019 Michal Hlavinka <mhlavink(a)redhat.com> - 1:7.0-1
- smartmontools updated to 7.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1695250 - update to smartmontools 7.0 (or greater) for Fedora 29 and Fedora
30
https://bugzilla.redhat.com/show_bug.cgi?id=1695250
--------------------------------------------------------------------------------
================================================================================
snapd-2.38-2.fc29 (FEDORA-2019-a93e7637d2)
A transactional software package manager
--------------------------------------------------------------------------------
Update Information:
Update to `snapd-2.38` and `snapd-glib-1.47`
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2019 Neal Gompa <ngompa13(a)gmail.com> - 2.38-2
- Readd snapd-login-service Provides for gnome-software for F29 and older
* Thu Mar 21 2019 Neal Gompa <ngompa13(a)gmail.com> - 2.38-1
- Release 2.38 to Fedora (RH#1691296)
- Switch to officially released main source tarball
- Drop obsolete snapd-login-service Provides
* Thu Mar 21 2019 Michael Vogt <mvo(a)ubuntu.com>
- New upstream release 2.38
- overlord/snapstate,: retry less for auto-stuff
- cmd/snap: fix regression of snap saved command
- interfaces/builtin: add dev/pts/ptmx access to docker_support
- overlord/snapstate, store: set a header when auto-refreshing
- interfaces/builtin: add add exec "/" to docker-support
- cmd/snap, client, daemon, ifacestate: show a leading attribute of
a connection
- interface: avahi-observe: Fixing socket permissions on 4.15
kernels
- tests: check that apt works before using it
- apparmor: support AppArmor 2.13
- snapstate: restart into the snapd snap on classic
- overlord/snapstate: during refresh, re-refresh on epoch bump
- cmd, daemon: split out the common bits of mapLocal and mapRemote
- cmd/snap-confine: chown private /tmp to root.root
- cmd/snap-confine: drop uid from random /tmp name
- overlord/hookstate: apply pending transaction changes onto
temporary configuration for snapctl get
- cmd/snap: `snap connections` command
- interfaces/greengrass_support: update accesses for GGC 1.8
- cmd/snap, daemon: make the connectivity check use GET
- interfaces/builtin,/udev: add spec support to disable udev +
device cgroup and use it for greengrass
- interfaces/intel-mei: small follow up tweaks
- ifacestate/tests: fix/improve udev mon test
- interfaces: add multipass-support interface
- tests/main/high-user-handling: fix the test for Go 1.12
- interfaces: add new intel-mei interface
- systemd: decrease the checker counter before unlocking otherwise
we can get spurious panics
- daemon/tests: fix race in the disconnect conflict test
- cmd/snap-confine: allow moving tasks to pids cgroup
- tests: enable opensuse tumbleweed on spread
- cmd/snap: fix `snap services` completion
- ifacestate/hotplug: integration with udev monitor
- packaging: build snapctl as a static binary
- packaging/opensuse: move most logic to snapd.mk
- overlord: fix ensure before slowness on Retry
- overlord/ifacestate: fix migration of connections on upgrade from
ubuntu-core
- daemon, client, cmd/snap: debug GETs ask aspects, not actions
- tests/main/desktop-portal-*: fix handling of python dependencies
- interfaces/wayland: allow wayland server snaps function on classic
too
- daemon, client, cmd/snap: snap debug base-declaration
- tests: run tests on opensuse leap 15.0 instead of 42.3
- cmd/snap: fix error messages for snapshots commands if ID is not
uint
- interfaces/seccomp: increase filter precision
- interfaces/network-manager: no peer label check for hostname1
- tests: add a tests for xdg-desktop-portal integration
- tests: not checking 'tracking channel' after refresh core on
nested execution
- tests: remove snapweb from tests
- snap, wrappers: support StartTimeout
- wrappers: Add an X-SnapInstanceName field to desktop files
- cmd/snap: produce better output for help on subcommands
- tests/main/nfs-support: use archive mode for creating fstab backup
- many: collect time each task runs and display it with `snap debug
timings <id>`
- tests: add attribution to helper script
- daemon: make ucrednetGet not loop
- squashfs: unset SOURCE_DATE_EPOCH in the TestBuildDate test
- features,cmd/libsnap: add new feature "refresh-app-awareness"
- overlord: fix random typos
- interfaces/seccomp: generate global seccomp profile
- daemon/api: fix error case for disconnect conflict
- overlord/snapstate: add some randomness to the catalog refresh
- tests: disable trusty-proposed for now
- tests: fix upgrade-from-2.15 with kernel 4.15
- interfaces/apparmor: allow sending and receiving signals from
ourselves
- tests: split the test interfaces-many in 2 and remove snaps on
restore
- tests: use snap which takes 15 seconds to install on retryable-
error test
- packaging: avoid race in snapd.postinst
- overlord/snapstate: discard mount namespace when undoing 1st link
snap
- cmd/snap-confine: allow writes to /var/lib/**
- tests: stop catalog-update test for now
- tests/main/auto-refresh-private: make sure to actually download
with the expired macaroon
- many: save media info when installing, show it when listing
- userd: handle help urls which requires prepending XDG_DATA_DIRS
- tests: fix NFS home mocking
- tests: improve snaps-system-env test
- tests: pre-cache core on core18 systems
- interfaces/hotplug: renamed RequestedSlotSpec to ProposedSlot,
removed Specification
- debian: ensure leftover usr.lib.snapd.snap-confine is gone
- image,cmd/snap,tests: introduce support for modern prepare-image
--snap <snap>[=<channel>]
- overlord/ifacestate: tweak logic for generating unique slot names
- packaging: import debian salsa packaging work, add sbuild test and
use in spead
- overlord/ifacestate: hotplug-add-slot handler
- image,cmd/snap: simplify --classic-arch to --arch, expose
prepare-image
- tests: run test snap as user in the smoke test
- cmd/snap: tweak man output to have no doubled up .TP lines
- cmd/snap, overlord/snapstate: silently ignore classic flag when a
snap is strictly confined
- snap-confine: remove special handling of /var/lib/jenkins
- cmd/snap-confine: handle death of helper process
- packaging: disable systemd environment generator on 18.04
- snap-confine: fix classic snaps for users with /var/lib/* homedirs
- tests/prepare: prevent console-conf from running
- image: bootstrapToRootDir => setupSeed
- image,cmd/snap,tests: introduce prepare-image --classic
- tests: update smoke/sandbox test for armhf
- client, daemon: introduce helper for querying snapd API for the
list of slot/plug connections
- cmd/snap-confine: refactor and cleanup of seccomp loading
- snapstate, snap: allow update/switch requests with risk only
channel to DTRT
- interfaces: add network-manager-observe interface
- snap-confine: increase locking timeout to 30s
- snap-confine: fix incorrect "sanity timeout 3s" message
- snap-confine: provide proper error message on sc_sanity_timeout
- snapd,state: improve error message on state reading failure
- interfaces/apparmor: deny inet/inet6 in snap-update-ns profile
- snap: fix reexec from the snapd snap for classic snaps
- snap: fix hook autodiscovery for parallel installed snaps
- overlord/snapstate: format the refresh time for the log
- cmd/snap-confine: add special case for Jenkins
- snapcraft.yaml: fix XBuildDeb PATH for go-1.10
- overlord/snapstate: validate instance names early
- overlord/ifacestate: handler for hotplug-update-slot tasks
- polkit: cast pid to uint32 to keep polkit happy for now
- snap/naming: move various name validation helpers to separate
package
- tests: iterate getting journal logs to support delay on boards on
daemon-notify test
- cmd/snap: fix typo in cmd_wait.go
- snap/channel: improve channel parsing
- daemon, polkit: pid_t is signed
- daemon: introduce /v2/connections snapd API endpoint
- cmd/snap: small refactor of cmd_info's channel handling
- overlord/snapstate: use an ad-hoc error when no results
- cmd/snap: wrap "summary" better
- tests: workaround missing go dependencies in debian-9
- daemon: try to tidy up the icon stuff a little
- interfaces: add display-control interface
- snapcraft.yaml: fix snap building in launchpad
- tests: update fedora 29 workers to speed up the whole testing time
- interfaces: add u2f-devices interface and allow reading udev
+power_supply:* in hardware-observe
- cmd/snap-update-ns: save errno from strtoul
- tests: interfaces tests normalization
- many: cleanup
golang.org/x/net/context
- tests: add spread test for system dbus interface
- tests: remove -o pipefail
- interfaces: add block-devices interface
- spread: enable upgrade suite on fedora
- tests/main/searching: video section got renamed to photo-and-video
- interfaces/home: use dac_read_search instead of dac_override with
'read: all'
- snap: really run the RunSuite
- interfaces/camera: allow reading vendor/etc info from
/run/udev/data/+usb:*
- interfaces/dbus: be less strict about alternations for well-known
names
- interfaces/home: allow dac_override with 'read:
all'
- interfaces/pulseaudio: allow reading subdirectories of
/etc/pulse
- interfaces/system-observe: allow read on
/proc/locks
- run-checks: ensure we use go-1.10 if available
- tests: get test-snapd-dbus-{provider,consumer} from the beta
channel
- interfaces/apparmor: mock presence of overlayfs root
- spread: increase default kill-timeout to 30min
- tests: simplify interfaces-contacts-service test
- packaging/ubuntu: build with golang 1.10
- ifacestate/tests: extra test for hotplug-connect handler
- packaging: make sure that /var/lib/snapd/lib/glvnd is accounted
for
- overlord/snapstate/backend: call fontconfig helpers from the new
'current'
- kvm: load required kernel modules if necessary
- cmd/snap: use a fake user for 'run' tests
- tests: update systems for google sru backend
- tests: fix install-snaps test by changing the snap info regex
- interfaces: helpers for sorting plug/slot/connection refs
- tests: moving core-snap-refresh-on-core test from main to nested
suite
- tests: fix daemon-notify test checking denials considering all the
log lines
- tests: skip lp-1802591 on "official" images
- tests: fix listing tests to match "snap list --unicode=never"
- debian: fix silly typo in the spread test invocation
- interface: raw-usb: Adding ttyACM ttyACA permissions
- tests: fix enable-disable-unit-gpio test on external boards
- overlord/ifacestate: helper API to obtain the state of connections
- tests: define new "tests/smoke" suite and use that for
autopkgtests
- cmd/snap-update-ns: explicitly check for return value from
parse_arg_u
- interfaces/builtin/opengl: allow access to NVIDIA VDPAU library
- tests: auto-clean the test directory
- cmd/snap: further tweak messaging; add a test
- overlord/ifacestate: handler for hotplug-connect task
- cmd/snap-confine: join freezer only after setting up user mount
- cmd/snap-confine: don't preemptively create .mnt files
- cmd/snap-update-ns: manually implement isspace
- cmd/snap-update-ns: let the go parser know we are parsing -u
- cmd/snap-discard-ns: fix name of user fstab files
- snapshotstate: don't task.Log without the lock
- tests: exclude some more slow tests from runs in autopkgtest
- many: remove .user-fstab files from /run/snapd/ns
- cmd/libsnap: pass --from-snap-confine when calling snap-update-ns
as user
- cmd/snap-update-ns: make freezer mockable
- cmd/snap-update-ns: move XDG code to dedicated file
- osutil: add helper for loading fstab from string
- cmd/snap-update-ns: move existing code around, renaming some
functions
- overlord/configstate/configcore: support - and _ in cloud init
field names
- * cmd/snap-confine: use makedev instead of MKDEV
- tests: review/fix the autopkgtest failures in disco
- overlord: drop old v1 store api support from managers test
- tests: new test for snapshots with more than 1 user
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1691296 - snapd-2.38 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1691296
[ 2 ] Bug #1684347 - snapd-glib-1.47 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1684347
--------------------------------------------------------------------------------
================================================================================
snapd-glib-1.47-1.fc29 (FEDORA-2019-a93e7637d2)
Library providing a GLib interface to snapd
--------------------------------------------------------------------------------
Update Information:
Update to `snapd-2.38` and `snapd-glib-1.47`
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 24 2019 Neal Gompa <ngompa13(a)gmail.com> - 1.47-1
- Update to 1.47
- New API: snapd_channel_get_released_at
- New API: SNAPD_ERROR_DNS_FAILURE
- Fix tests breaking due to undefined order of results
- Remove generated MOC file from tarball
* Mon Feb 4 2019 Kalev Lember <klember(a)redhat.com> - 1.45-3
- Update BRs for vala packaging changes
* Sun Feb 3 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.45-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jan 25 2019 Richard Hughes <rhughes(a)redhat.com> - 1.45-1
- Update to 1.45
- Support base snap field
- Support filtering apps
- Support maintenance information returned from snapd
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1691296 - snapd-2.38 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1691296
[ 2 ] Bug #1684347 - snapd-glib-1.47 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1684347
--------------------------------------------------------------------------------
================================================================================
syncthing-1.1.1-1.fc29 (FEDORA-2019-a555131c06)
Continuous File Synchronization
--------------------------------------------------------------------------------
Update Information:
Update to version 1.1.1. Release notes:
https://github.com/syncthing/syncthing/releases/tag/v1.1.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2019 Fabio Valentini <decathorpe(a)gmail.com> - 1.1.1-1
- Update to version 1.1.1.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1687948 - syncthing-1.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1687948
--------------------------------------------------------------------------------
================================================================================
wget-1.20.3-1.fc29 (FEDORA-2019-7a0497cbc2)
A utility for retrieving files using the HTTP or FTP protocols
--------------------------------------------------------------------------------
Update Information:
* update to 1.20.3 * fixed CVE-2019-5953
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 5 2019 Tomas Hozza <thozza(a)redhat.com> - 1.20.3-1
- Update to 1.20.3
- Fix CVE-2019-5953
* Sun Feb 3 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.20.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1695679 - CVE-2019-5953 wget: Buffer overflow vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1695679
--------------------------------------------------------------------------------