Fedora 34 Update: mozilla-ublock-origin-1.35.0-1.fc34
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-c08b5c3003
2021-04-29 18:01:36.085431
--------------------------------------------------------------------------------
Name : mozilla-ublock-origin
Product : Fedora 34
Version : 1.35.0
Release : 1.fc34
URL : https://github.com/gorhill/uBlock
Summary : An efficient blocker for Firefox
Description :
An efficient blocker: easy on memory and CPU footprint, and yet can load and
enforce thousands more filters than other popular blockers out there.
Flexible, it's more than an "ad blocker": it can also read and create filters
from hosts files.
--------------------------------------------------------------------------------
Update Information:
* json-prune doesn't remove all properties by full wildcard * Remove advanced
setting `ignoreScriptInjectFilters` * Finalize 3rd-party scripts/frames mini-
filtering widget * Remove advanced setting `ignoreRedirectFilters` * Fix regex
used to extract attribute name in element picker * Add support for removal of
response headers
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 23 2021 Dominik Mierzejewski <rpm(a)greysector.net> - 1.35.0-1
- update to 1.35.0 (#1946869)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1946869 - mozilla-ublock-origin-1.35.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1946869
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-c08b5c3003' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
2 years, 12 months
Fedora 32 Update: snappy-java-1.1.2.4-19.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-21bb326a2d
2021-04-29 01:21:37.105153
--------------------------------------------------------------------------------
Name : snappy-java
Product : Fedora 32
Version : 1.1.2.4
Release : 19.fc32
URL : http://xerial.org/snappy-java/
Summary : Fast compressor/decompresser
Description :
A Java port of the snappy, a fast compresser/decompresser written in C++.
--------------------------------------------------------------------------------
Update Information:
Remove problematic files from upstream tarball.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 26 2021 Fabio Valentini <decathorpe(a)gmail.com> - 1.1.2.4-19
- Vacuum problematic files from upstream tarball.
* Wed Jan 27 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.2.4-18
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jul 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.2.4-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Sat Jul 11 2020 Jiri Vanek <jvanek(a)redhat.com> - 1.1.2.4-16
- Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11
* Fri Jun 19 2020 Mat Booth <mat.booth(a)redhat.com> - 1.1.2.4-15
- Allow building against Java 11
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-21bb326a2d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
2 years, 12 months
Fedora 32 Update: libretls-3.3.2-1.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-2d3badb52c
2021-04-29 01:21:37.105143
--------------------------------------------------------------------------------
Name : libretls
Product : Fedora 32
Version : 3.3.2
Release : 1.fc32
URL : https://git.causal.agency/libretls/about/
Summary : Port of libtls from LibreSSL to OpenSSL
Description :
LibreTLS is a port of libtls from LibreSSL to OpenSSL. OpenBSD's libtls is a
new TLS library, designed to make it easier to write foolproof applications.
--------------------------------------------------------------------------------
Update Information:
- Upgrade to 3.3.2 (#1952200)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 21 2021 Robert Scheck <robert(a)fedoraproject.org> 3.3.2-1
- Upgrade to 3.3.2 (#1952200)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1952200 - libretls-3.3.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1952200
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-2d3badb52c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
2 years, 12 months
Fedora 32 Update: libzia-4.28-1.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-29a3cc3775
2021-04-29 01:21:37.105133
--------------------------------------------------------------------------------
Name : libzia
Product : Fedora 32
Version : 4.28
Release : 1.fc32
URL : http://tucnak.nagano.cz/
Summary : Platform abstraction layer for the tucnak package
Description :
Platform abstraction layer for the tucnak package.
--------------------------------------------------------------------------------
Update Information:
This is an update of Tucnak. ---- This is new version of Tucnak.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 21 2021 Jaroslav ��karvada <jskarvad(a)redhat.com> - 4.28-1
- New version
Related: rhbz#1952087
* Wed Apr 14 2021 Jaroslav ��karvada <jskarvad(a)redhat.com> - 4.27-1
- New version
Related: rhbz#1949451
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-29a3cc3775' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
2 years, 12 months
Fedora 32 Update: tucnak-4.28-1.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-29a3cc3775
2021-04-29 01:21:37.105133
--------------------------------------------------------------------------------
Name : tucnak
Product : Fedora 32
Version : 4.28
Release : 1.fc32
URL : http://tucnak.nagano.cz/
Summary : VHF contest logging program
Description :
Tucnak is VHF/UHF/SHF log for hamradio contests. It supports multi
bands, free input, networking, voice and CW keyer, WWL database and
much more.
--------------------------------------------------------------------------------
Update Information:
This is an update of Tucnak. ---- This is new version of Tucnak.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 21 2021 Jaroslav ��karvada <jskarvad(a)redhat.com> - 4.28-1
- New version
Resolves: rhbz#1952087
* Wed Apr 14 2021 Jaroslav ��karvada <jskarvad(a)redhat.com> - 4.27-1
- New version
Resolves: rhbz#1949451
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-29a3cc3775' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
2 years, 12 months
Fedora 32 Update: perl-CPAN-Perl-Releases-5.20210420-1.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-7fb045a26a
2021-04-29 01:21:37.105113
--------------------------------------------------------------------------------
Name : perl-CPAN-Perl-Releases
Product : Fedora 32
Version : 5.20210420
Release : 1.fc32
URL : https://metacpan.org/release/CPAN-Perl-Releases
Summary : Mapping Perl releases on CPAN to the location of the tarballs
Description :
CPAN::Perl::Releases is a module that contains the mappings of all perl
releases that have been uploaded to CPAN to the authors/id/ path that the
tarballs reside in.
--------------------------------------------------------------------------------
Update Information:
Updated for v5.33.9
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 21 2021 Jitka Plesnikova <jplesnik(a)redhat.com> - 5.20210420-1
- 5.20210420 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1951972 - perl-CPAN-Perl-Releases-5.20210420 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1951972
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-7fb045a26a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
2 years, 12 months
[SECURITY] Fedora 32 Update: nginx-1.20.0-2.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-1556d440ba
2021-04-29 01:21:37.105123
--------------------------------------------------------------------------------
Name : nginx
Product : Fedora 32
Version : 1.20.0
Release : 2.fc32
URL : https://nginx.org
Summary : A high performance web server and reverse proxy server
Description :
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and
IMAP protocols, with a strong focus on high concurrency, performance and low
memory usage.
--------------------------------------------------------------------------------
Update Information:
Note that the ownership of log files has changed to `root:root` and the mode
changed to `700` (from `770`) to address CVE-2016-1247. This should not affect
general operation, as this is the default for log directories and also what
httpd uses but if you use external tools to process the log files you may want
to check continued operation after this update. Upstream changelog:
[nginx-1.20.0](http://nginx.org/en/download.html) stable version has been
released, incorporating new features and bug fixes from the 1.19.x mainline
branch ��� including [OCSP
validation](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ocsp) of
client SSL certificates, the [ssl_reject_handshake](http://nginx.org/en/docs/htt
p/ngx_http_ssl_module.html#ssl_reject_handshake) and [ssl_conf_command](http://n
ginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_conf_command) directives,
simplified and improved handling of HTTP/2 connections with the [lingering_close
](http://nginx.org/en/docs/http/ngx_http_core_module.html#lingering_close), [kee
palive_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#k...
e_timeout), and [keepalive_requests](http://nginx.org/en/docs/http/ngx_http_core
_module.html#keepalive_requests) directives, the [keepalive_time](http://nginx.o
rg/en/docs/http/ngx_http_core_module.html#keepalive_time) directive, stricter
handling of upstream server responses, [cookie flags](http://nginx.org/en/docs/h
ttp/ngx_http_proxy_module.html#proxy_cookie_flags) handling, cache clearing
based on the [minimum amount of free space](http://nginx.org/en/docs/http/ngx_ht
tp_proxy_module.html#proxy_cache_path_max_size), PROXY protocol support [from
clients](http://nginx.org/en/docs/mail/ngx_mail_core_module.html#proxy_pr...
and [to backend servers](http://nginx.org/en/docs/mail/ngx_mail_proxy_module.htm
l#proxy_protocol) in the mail proxy, [proxying SMTP authentication](http://nginx
.org/en/docs/mail/ngx_mail_proxy_module.html#proxy_smtp_auth), the
[set](http://nginx.org/en/docs/stream/ngx_stream_set_module.html) directive in
the stream module, and more. ----
[nginx-1.20.0](http://nginx.org/en/download.html) stable version has been
released, incorporating new features and bug fixes from the 1.19.x mainline
branch ��� including [OCSP
validation](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_ocsp) of
client SSL certificates, the [ssl_reject_handshake](http://nginx.org/en/docs/htt
p/ngx_http_ssl_module.html#ssl_reject_handshake) and [ssl_conf_command](http://n
ginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_conf_command) directives,
simplified and improved handling of HTTP/2 connections with the [lingering_close
](http://nginx.org/en/docs/http/ngx_http_core_module.html#lingering_close), [kee
palive_timeout](http://nginx.org/en/docs/http/ngx_http_core_module.html#k...
e_timeout), and [keepalive_requests](http://nginx.org/en/docs/http/ngx_http_core
_module.html#keepalive_requests) directives, the [keepalive_time](http://nginx.o
rg/en/docs/http/ngx_http_core_module.html#keepalive_time) directive, stricter
handling of upstream server responses, [cookie flags](http://nginx.org/en/docs/h
ttp/ngx_http_proxy_module.html#proxy_cookie_flags) handling, cache clearing
based on the [minimum amount of free space](http://nginx.org/en/docs/http/ngx_ht
tp_proxy_module.html#proxy_cache_path_max_size), PROXY protocol support [from
clients](http://nginx.org/en/docs/mail/ngx_mail_core_module.html#proxy_pr...
and [to backend servers](http://nginx.org/en/docs/mail/ngx_mail_proxy_module.htm
l#proxy_protocol) in the mail proxy, [proxying SMTP authentication](http://nginx
.org/en/docs/mail/ngx_mail_proxy_module.html#proxy_smtp_auth), the
[set](http://nginx.org/en/docs/stream/ngx_stream_set_module.html) directive in
the stream module, and more.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 21 2021 Felix Kaechele <heffer(a)fedoraproject.org> - 1:1.20.0-2
- sync rawhide and EPEL7 spec files again
- systemd service reload now checks config file (rhbz#1565377)
- drop nginx requirement on nginx-all-modules (rhbz#1708799)
- let nginx handle log creation on logrotate (rhbz#1683388)
- have log directory owned by root (rhbz#1390183, CVE-2016-1247)
- remove obsolete --with-ipv6 (src PR#8)
- correction: pcre2 is actually not supported by nginx, reintroduce pcre
* Wed Apr 21 2021 Felix Kaechele <heffer(a)fedoraproject.org> - 1:1.20.0-1
- update to 1.20.0
- sync with mainline spec file
- order configure options alphabetically for easier comparinggit
- add --with-compat option (rhbz#1834452)
- add patch to fix PIDFile race condition (rhbz#1869026)
- use pcre2 instead of pcre (rhbz#1938984)
- add Wants=network-online.target to systemd unit (rhbz#1943779)
* Mon Feb 22 2021 Lubos Uhliarik <luhliari(a)redhat.com> - 1:1.18.0-5
- Resolves: #1931402 - drop gperftools module
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:1.18.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:1.18.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon Jun 22 2020 Jitka Plesnikova <jplesnik(a)redhat.com> - 1:1.18.0-2
- Perl 5.32 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1390183 - CVE-2016-1247 nginx: Local privilege escalation via log files [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1390183
[ 2 ] Bug #1565377 - Service reload should check configuration file
https://bugzilla.redhat.com/show_bug.cgi?id=1565377
[ 3 ] Bug #1683388 - Log file ownership created by logrotate inconsistent with the one created by systemd
https://bugzilla.redhat.com/show_bug.cgi?id=1683388
[ 4 ] Bug #1708799 - Drop nginx requirement on nginx-all-modules
https://bugzilla.redhat.com/show_bug.cgi?id=1708799
[ 5 ] Bug #1834452 - Enable --with-compat configure option
https://bugzilla.redhat.com/show_bug.cgi?id=1834452
[ 6 ] Bug #1869026 - nginx.service fails to parse /run/nginx.pid
https://bugzilla.redhat.com/show_bug.cgi?id=1869026
[ 7 ] Bug #1943779 - nginx.service wants wrong network target - causes race condition on boot
https://bugzilla.redhat.com/show_bug.cgi?id=1943779
[ 8 ] Bug #1944738 - nginx-1.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1944738
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-1556d440ba' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
2 years, 12 months
[SECURITY] Fedora 32 Update: jetty-9.4.40-1.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-444e38face
2021-04-29 01:21:37.105103
--------------------------------------------------------------------------------
Name : jetty
Product : Fedora 32
Version : 9.4.40
Release : 1.fc32
URL : http://www.eclipse.org/jetty/
Summary : Java Webserver and Servlet Container
Description :
Jetty is a 100% Java HTTP Server and Servlet Container. This means that you
do not need to configure and run a separate web server (like Apache) in order
to use Java, servlets and JSPs to generate dynamic content. Jetty is a fully
featured web server for static and dynamic content. Unlike separate
server/container solutions, this means that your web server and web
application run in the same process, without interconnection overheads
and complications. Furthermore, as a pure java component, Jetty can be simply
included in your application for demonstration, distribution or deployment.
Jetty is available on all Java supported platforms.
--------------------------------------------------------------------------------
Update Information:
Update to Jetty 9.4.40 (fixes multiple CVEs)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 21 2021 Alexander Kurtakov <akurtako(a)redhat.com> 9.4.40-1
- Update to Jetty 9.4.40 (fixes multiple CVEs)
* Mon Mar 29 2021 Alexander Kurtakov <akurtako(a)redhat.com> 9.4.38-1
- Update to Jetty 9.4.38
* Tue Jan 26 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 9.4.36-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 18 2021 Mat Booth <mat.booth(a)redhat.com> - 9.4.36-1
- Update to latest upstream release
* Wed Oct 28 2020 Mat Booth <mat.booth(a)redhat.com> - 9.4.33-1
- Update to latest upstream release
* Wed Aug 19 2020 Mat Booth <mat.booth(a)redhat.com> - 9.4.31-3
- Rebuild to regenerate OSGi metadata for dependency on servlet-api
- Add patch to build against new APIs in servlet 4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1945710 - CVE-2021-28163 jetty: Symlink directory exposes webapp directory contents
https://bugzilla.redhat.com/show_bug.cgi?id=1945710
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-444e38face' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
2 years, 12 months
[SECURITY] Fedora 32 Update: ceph-14.2.20-1.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-168fbed46f
2021-04-29 01:21:37.105094
--------------------------------------------------------------------------------
Name : ceph
Product : Fedora 32
Version : 14.2.20
Release : 1.fc32
URL : http://ceph.com/
Summary : User space components of the Ceph file system
Description :
Ceph is a massively scalable, open-source, distributed storage system that runs
on commodity hardware and delivers object, block and file system storage.
--------------------------------------------------------------------------------
Update Information:
ceph 14.2.20 GA Security fix for CVE-2021-20288 bugs=1938031,1952085
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 20 2021 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 2:14.2.20-1
- ceph 14.2.20 GA
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1952085 - CVE-2021-20288 ceph: Unauthorized global_id reuse in cephx [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1952085
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-168fbed46f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
2 years, 12 months
[SECURITY] Fedora 32 Update: openvpn-2.4.11-1.fc32
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-d6b9d8497b
2021-04-29 01:21:37.105073
--------------------------------------------------------------------------------
Name : openvpn
Product : Fedora 32
Version : 2.4.11
Release : 1.fc32
URL : https://community.openvpn.net/
Summary : A full-featured SSL VPN solution
Description :
OpenVPN is a robust and highly flexible tunneling application that uses all
of the encryption, authentication, and certification features of the
OpenSSL library to securely tunnel IP networks over a single UDP or TCP
port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library
for compression.
--------------------------------------------------------------------------------
Update Information:
Security update - OpenVPN 2.5.1 and earlier versions allows a remote attackers
to bypass authentication and access control channel data on servers configured
with deferred authentication, which can be used to potentially trigger further
information leaks. (CVE-2020-15078)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 21 2021 David Sommerseth <davids(a)openvpn.net> - 2.4.11-1
- Update to upstream OpenVPN 2.4.11
- Fixes CVE-2020-15078
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-d6b9d8497b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
2 years, 12 months