[SECURITY] Fedora 38 Update: mingw-poppler-23.02.0-2.fc38
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-4eff9e2cd6
2023-11-30 03:33:42.162727
--------------------------------------------------------------------------------
Name : mingw-poppler
Product : Fedora 38
Version : 23.02.0
Release : 2.fc38
URL : http://poppler.freedesktop.org/
Summary : MinGW Windows Poppler library
Description :
MinGW Windows Poppler library.
--------------------------------------------------------------------------------
Update Information:
Backport fix for CVE-2023-34872.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 21 2023 Sandro Mani <manisandro(a)gmail.com> - 23.02.0-2
- Backport patch for CVE-2023-34872
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2250822 - CVE-2023-34872 mingw-poppler: poppler: Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2250822
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-4eff9e2cd6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
5 months, 3 weeks
Fedora 38 Update: python-pypandoc-1.12.post318-1.fc38
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-91efa0ce8f
2023-11-30 03:33:42.162718
--------------------------------------------------------------------------------
Name : python-pypandoc
Product : Fedora 38
Version : 1.12.post318
Release : 1.fc38
URL : https://github.com/bebraw/pypandoc
Summary : Thin wrapper for pandoc
Description :
pypandoc provides a thin Python wrapper for pandoc, a universal document
converter, allowing parsing and conversion of pandoc-formatted text.
--------------------------------------------------------------------------------
Update Information:
Latest upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 21 2023 Zbigniew J��drzejewski-Szmek <zbyszek(a)in.waw.pl> - 1.12.post318-1
- Version 1.12.post318 (rhbz#2244679)
* Tue Nov 21 2023 Zbigniew J��drzejewski-Szmek <zbyszek(a)in.waw.pl> - 1.11-1
- Version 1.11 (rhbz#2129434, rhbz#2174872)
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-91efa0ce8f' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
5 months, 3 weeks
Fedora 38 Update: php-8.2.13-1.fc38
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-0482054a20
2023-11-30 03:33:42.162710
--------------------------------------------------------------------------------
Name : php
Product : Fedora 38
Version : 8.2.13
Release : 1.fc38
URL : http://www.php.net/
Summary : PHP scripting language for creating dynamic web sites
Description :
PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.
--------------------------------------------------------------------------------
Update Information:
**PHP version 8.2.13** (23 Nov 2023) **Core:** * Fixed double-free of non-
interned enum case name. (ilutov) * Fixed bug
[GH-12457](https://github.com/php/php-src/issues/12457) (Incorrect result of
stripos with single character needle). (SakiTakamachi) * Fixed bug
[GH-12468](https://github.com/php/php-src/issues/12468) (Double-free of
doc_comment when overriding static property via trait). (ilutov) * Fixed
segfault caused by weak references to FFI objects. (sj-i) * Fixed
max_execution_time: don't delete an unitialized timer. (K��vin Dunglas) * Fixed
bug [GH-12558](https://github.com/php/php-src/issues/12558) (Arginfo soft-breaks
with namespaced class return type if the class name starts with N). (kocsismate)
**DOM:** * Fix registerNodeClass with abstract class crashing. (nielsdos) * Add
missing NULL pointer error check. (icy17) * Fix validation logic of
php:function() callbacks. (nielsdos) **Fiber:** * Fixed bug
[GH-11121](https://github.com/php/php-src/issues/11121) (ReflectionFiber
segfault). (danog, trowski, bwoebi) **FPM:** * Fixed bug
[GH-9921](https://github.com/php/php-src/issues/9921) (Loading ext in FPM config
does not register module handlers). (Jakub Zelenka) * Fixed bug
[GH-12232](https://github.com/php/php-src/issues/12232) (FPM: segfault
dynamically loading extension without opcache). (Jakub Zelenka) * Fixed bug
php#76922 (FastCGI terminates conn after FCGI_GET_VALUES). (Jakub Zelenka)
**Intl:** * Removed the BC break on IntlDateFormatter::construct which threw an
exception with an invalid locale. (David Carlier) **Opcache:** * Added warning
when JIT cannot be enabled. (danog) * Fixed bug
[GH-8143](https://github.com/php/php-src/issues/8143) (Crashes in
zend_accel_inheritance_cache_find since upgrading to 8.1.3 due to corrupt on-
disk file cache). (turchanov) **OpenSSL:** * Fixed bug
[GH-12489](https://github.com/php/php-src/issues/12489) (Missing sigbio creation
checking in openssl_cms_verify). (Jakub Zelenka) **SOAP:** * Fixed bug
[GH-12392](https://github.com/php/php-src/issues/12392) (Segmentation fault on
SoapClient::__getTypes). (nielsdos) * Fixed bug php#66150 (SOAP WSDL cache race
condition causes Segmentation Fault). (nielsdos) * Fixed bug php#67617 (SOAP
leaves incomplete cache file on ENOSPC). (nielsdos) * Fix incorrect uri check in
SOAP caching. (nielsdos) * Fix segfault and assertion failure with refcounted
props and arrays. (nielsdos) * Fix potential crash with an edge case of
persistent encoders. (nielsdos) * Fixed bug php#75306 (Memleak in SoapClient).
(nielsdos) **Streams:** * Fixed bug php#75708 (getimagesize with "&$imageinfo"
fails on StreamWrappers). (Jakub Zelenka) **XMLReader:** * Add missing NULL
pointer error check. (icy17) **XMLWriter:** * Add missing NULL pointer error
check. (icy17) **XSL:** * Add missing module dependency. (nielsdos) * Fix
validation logic of php:function() callbacks. (nielsdos)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 21 2023 Remi Collet <remi(a)remirepo.net> - 8.2.13-1
- Update to 8.2.13 - http://www.php.net/releases/8_2_13.php
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-0482054a20' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
5 months, 3 weeks
Fedora 38 Update: mozilla-privacy-badger-2023.10.31-1.fc38
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-fa30e33f6a
2023-11-30 03:33:42.162702
--------------------------------------------------------------------------------
Name : mozilla-privacy-badger
Product : Fedora 38
Version : 2023.10.31
Release : 1.fc38
URL : https://www.eff.org/privacybadger
Summary : Protects your privacy by blocking spying ads and invisible trackers
Description :
Privacy Badger is a browser add-on that stops advertisers and other third-party
trackers from secretly tracking where you go and what pages you look at on the
web. If an advertiser seems to be tracking you across multiple websites without
your permission, Privacy Badger automatically blocks that advertiser from
loading any more content in your browser. To the advertiser, it's like you
suddenly disappeared.
--------------------------------------------------------------------------------
Update Information:
* Added widget replacement for embedded Tweets. Privacy Badger replaces
potentially useful widgets with placeholders. These replacements protect privacy
while letting you restore the original widget whenever you want it or need it
for the page to function. * Fixed various site breakages * Improved Brazilian
Portuguese and Swedish translations
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 21 2023 Dominik Mierzejewski <dominik(a)greysector.net> - 2023.10.31-1
- update to 2023.10.31 (#2247503)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2247503 - mozilla-privacy-badger-2023.10.31 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2247503
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-fa30e33f6a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
5 months, 3 weeks
Fedora 38 Update: mozilla-noscript-11.4.28-1.fc38
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-760adc735a
2023-11-30 03:33:42.162693
--------------------------------------------------------------------------------
Name : mozilla-noscript
Product : Fedora 38
Version : 11.4.28
Release : 1.fc38
URL : http://noscript.net/
Summary : JavaScript white list extension for Mozilla Firefox
Description :
The NoScript extension provides extra protection for Firefox.
It allows JavaScript, Java, Flash and other plug-ins to be executed only by
trusted web sites of your choice (e.g. your online bank) and additionally
provides Anti-XSS protection.
--------------------------------------------------------------------------------
Update Information:
* Prevent URL leaks from media placeholders (thanks NDevTK for report) * [nscl]
Support for in-tree TLDs updates
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 21 2023 Dominik Mierzejewski <dominik(a)greysector.net> - 11.4.28-1
- update to 11.4.28 (#2242773)
- bundled sha256 implementation is gone
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2242773 - mozilla-noscript-11.4.28 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2242773
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-760adc735a' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
5 months, 3 weeks
Fedora 38 Update: libabigail-2.4-4.fc38
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-96c4615a6c
2023-11-30 03:33:42.162685
--------------------------------------------------------------------------------
Name : libabigail
Product : Fedora 38
Version : 2.4
Release : 4.fc38
URL : https://sourceware.org/libabigail/
Summary : Set of ABI analysis tools
Description :
The libabigail package comprises seven command line utilities:
abidiff, kmidiff, abipkgdiff, abicompat, abidw, and abilint.
The abidiff command line tool compares the ABI of two
ELF shared libraries and emits meaningful textual reports about
changes impacting exported functions, variables and their types.
Simarly, the kmidiff compares the kernel module interface of two Linux
kernels. abipkgdiff compares the ABIs of ELF binaries contained in
two packages. abicompat checks if a subsequent version of a shared
library is still compatible with an application that is linked against
it. abidw emits an XML representation of the ABI of a given ELF
shared library. abilint checks that a given XML representation of the
ABI of a shared library is correct.
Install libabigail if you need to compare the ABI of ELF shared
libraries.
--------------------------------------------------------------------------------
Update Information:
Fix SPDX licensing string ---- Fix sourceware.org/PR31017
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 20 2023 Dodji Seketeli <dodji(a)redhat.com> - 2.4-4
- Fix SPDX licensing string
* Wed Nov 15 2023 Dodji Seketeli <dodji(a)redhat.com> - 2.4-3
- Fix sourceware.org/PR31017
"Support Flex array conversion suppression"
Apply patch 0002-suppression-Add-has_strict_flexible_array_data_membe.patch
* Tue Nov 14 2023 Dodji Seketeli <dodji(a)redhat.com> - 2.4-2
- Fix sourceware.org/PR31045
"Don't try setting translation unit for unique types"
Apply patch
0001-Bug-31045-Don-t-try-setting-translation-unit-for-uni.patch.
That patch is applied in upstream mainline and will be available in
libabigail 2.5.
- Use
%setup -q
/usr/bin/git init -q
/usr/bin/git config user.name "rpm-build"
/usr/bin/git config user.email "<rpm-build>"
/usr/bin/git config gc.auto 0
/usr/bin/git add --force .
/usr/bin/git commit -q --allow-empty -a\
--author "rpm-build <rpm-build>" -m "libabigail-2.4 base"
/usr/bin/git checkout --track -b rpm-build
/usr/lib/rpm/rpmuncompress /builddir/build/SOURCES/0001-Bug-31045-Don-t-try-setting-translation-unit-for-uni.patch |
/usr/bin/git apply --index --reject -
/usr/bin/git commit -q -m 0001-Bug-31045-Don-t-try-setting-translation-unit-for-uni.patch --author "rpm-build <rpm-build>"
/usr/lib/rpm/rpmuncompress /builddir/build/SOURCES/0002-suppression-Add-has_strict_flexible_array_data_membe.patch |
/usr/bin/git apply --index --reject -
/usr/bin/git commit -q -m 0002-suppression-Add-has_strict_flexible_array_data_membe.patch --author "rpm-build <rpm-build>"
- Add git as a build requirement
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #31017 - AMI Megaraid driver problem
https://bugzilla.redhat.com/show_bug.cgi?id=31017
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-96c4615a6c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
5 months, 3 weeks
Fedora 38 Update: distrobox-1.6.0.1-1.fc38
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-4190293d69
2023-11-30 03:33:42.162677
--------------------------------------------------------------------------------
Name : distrobox
Product : Fedora 38
Version : 1.6.0.1
Release : 1.fc38
URL : https://github.com/89luca89/distrobox
Summary : Another tool for containerized command line environments on Linux
Description :
Use any linux distribution inside your terminal. Distrobox uses podman
or docker to create containers using the linux distribution of your
choice. Created container will be tightly integrated with the host,
allowing to share the HOME directory of the user, external storage,
external usb devices and graphical apps (X11/Wayland) and audio.
--------------------------------------------------------------------------------
Update Information:
Update to 1.6.0.1 ---- Update to 1.6.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 21 2023 Alessio <alciregi(a)fedoraproject.org> - 1.6.0.1-1
- Update to 1.6.0.1
* Mon Nov 20 2023 Alessio <alciregi(a)fedoraproject.org> - 1.6.0-1
- Update to 1.6.0
* Wed Jul 19 2023 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.5.0.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-4190293d69' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
5 months, 3 weeks
Fedora 38 Update: ghc-rpm-macros-2.6.5-1.fc38
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-77f0be1eca
2023-11-30 03:33:42.162668
--------------------------------------------------------------------------------
Name : ghc-rpm-macros
Product : Fedora 38
Version : 2.6.5
Release : 1.fc38
URL : https://src.fedoraproject.org/rpms/ghc-rpm-macros/
Summary : RPM macros for building Haskell packages for GHC
Description :
A set of macros for building GHC packages following the Haskell Guidelines
of the Fedora Haskell SIG.
--------------------------------------------------------------------------------
Update Information:
ghc9.8: - rebuild with ghc-rpm-macros-2.6.5 to fix prof deps (thanks mimi1vx)
ghc-rpm-macros: - ghc-deps.sh: ghc-9.8 prof fixes adapted from mimi1vx
(opensuse) - improve ghc-info.sh with a show mode
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 12 2023 Jens Petersen <petersen(a)redhat.com> - 2.6.5-1
- ghc-deps.sh: ghc-9.8 prof fixes adapted from mimi1vx (opensuse)
- improve ghc-info.sh with a show mode
* Thu Nov 9 2023 Jens Petersen <petersen(a)redhat.com> - 2.6.4-1
- fix my flatpak comments
* Mon Oct 30 2023 Yaakov Selkowitz <yselkowi(a)redhat.com> - 2.6.3-1
- Fix flatpak builds
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-77f0be1eca' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
5 months, 3 weeks
Fedora 38 Update: ghc9.8-9.8.1-2.fc38
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-77f0be1eca
2023-11-30 03:33:42.162668
--------------------------------------------------------------------------------
Name : ghc9.8
Product : Fedora 38
Version : 9.8.1
Release : 2.fc38
URL : https://haskell.org/ghc/
Summary : Glasgow Haskell Compiler
Description :
GHC is a state-of-the-art, open source, compiler and interactive environment
for the functional language Haskell. Highlights:
- GHC supports the entire Haskell 2010 language plus a wide variety of
extensions.
- GHC has particularly good support for concurrency and parallelism,
including support for Software Transactional Memory (STM).
- GHC generates fast code, particularly for concurrent programs.
Take a look at GHC's performance on The Computer Language Benchmarks Game.
- GHC works on several platforms including Windows, Mac, Linux,
most varieties of Unix, and several different processor architectures.
- GHC has extensive optimisation capabilities, including inter-module
optimisation.
- GHC compiles Haskell code either directly to native code or using LLVM
as a back-end. GHC can also generate C code as an intermediate target for
porting to new platforms. The interactive environment compiles Haskell to
bytecode, and supports execution of mixed bytecode/compiled programs.
- Profiling is supported, both by time/allocation and various kinds of heap
profiling.
- GHC comes with several libraries, and thousands more are available on Hackage.
--------------------------------------------------------------------------------
Update Information:
ghc9.8: - rebuild with ghc-rpm-macros-2.6.5 to fix prof deps (thanks mimi1vx)
ghc-rpm-macros: - ghc-deps.sh: ghc-9.8 prof fixes adapted from mimi1vx
(opensuse) - improve ghc-info.sh with a show mode
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 12 2023 Jens Petersen <petersen(a)redhat.com> - 9.8.1-2
- rebuild with ghc-rpm-macros-2.6.5 to fix prof deps (thanks mimi1vx)
* Thu Oct 26 2023 Jens Petersen <petersen(a)redhat.com> - 9.8.1-1
- https://downloads.haskell.org/ghc/9.8.1/docs/users_guide/9.8.1-notes.html
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-77f0be1eca' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
5 months, 3 weeks
Fedora 38 Update: SoQt-1.6.0-13.fc38
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-2fa7f58f7d
2023-11-30 03:33:42.162659
--------------------------------------------------------------------------------
Name : SoQt
Product : Fedora 38
Version : 1.6.0
Release : 13.fc38
URL : http://www.coin3d.org
Summary : High-level 3D visualization library
Description :
SoQt is a Qt GUI component toolkit library for Coin. It is also compatible
with SGI and TGS Open Inventor, and the API is based on the API of the
InventorXt GUI component toolkit.
--------------------------------------------------------------------------------
Update Information:
Update to Coin 4.0.1.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 20 2023 Richard Shaw <hobbes1069(a)gmail.com> - 1.6.0-13
- Rebuild for Coin4.
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-2fa7f58f7d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
5 months, 3 weeks