The following Fedora 35 Security updates need testing:
Age URL
241
https://bodhi.fedoraproject.org/updates/FEDORA-2022-dfc6924a11
mysql-connector-java-8.0.28-1.fc35
12
https://bodhi.fedoraproject.org/updates/FEDORA-2022-58055cb1ef
nodejs-16.17.1-1.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-c68d90efc3 expat-2.4.9-1.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-1454bee2fa
thunderbird-102.3.1-1.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-f8ec1c06a3
poppler-21.08.0-3.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-b8b34e62ab
python3.6-3.6.15-6.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-c9c086b06f
wavpack-5.5.0-2.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-85a85c84b3
mod_security-2.9.6-1.fc35 mod_security_crs-3.3.4-1.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-2ff503c5d4
apptainer-1.1.2-1.fc35
The following Fedora 35 Critical Path updates have yet to be approved:
Age URL
60
https://bodhi.fedoraproject.org/updates/FEDORA-2022-bca7996d14
annobin-10.81-1.fc35
24
https://bodhi.fedoraproject.org/updates/FEDORA-2022-97f6c4fd2a
libblockdev-2.28-2.fc35
13
https://bodhi.fedoraproject.org/updates/FEDORA-2022-cd0501fc8f
ima-evm-utils-1.3.2-4.fc35
13
https://bodhi.fedoraproject.org/updates/FEDORA-2022-53d671cb30 rsync-3.2.6-2.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-1454bee2fa
thunderbird-102.3.1-1.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-bdc70ae90d
linux-firmware-20220913-140.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-c68d90efc3 expat-2.4.9-1.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-55648ecee1
samba-4.15.10-0.fc35
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-008f09ea1f
ansible-2.9.27-4.fc35 ansible-packaging-1-8.1.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-790d59287e
libmaxminddb-1.7.1-1.fc35
7
https://bodhi.fedoraproject.org/updates/FEDORA-2022-41293eb782
hwdata-0.363-1.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-c8ba391ec2 glibc-2.34-43.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-53a5ba99d4
chkconfig-1.21-1.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-f8ec1c06a3
poppler-21.08.0-3.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-fbfafc9885
ipset-7.15-5.fc35.1
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-f02122afc2
firefox-105.0.2-1.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-c9c086b06f
wavpack-5.5.0-2.fc35
The following builds have been pushed to Fedora 35 updates-testing
cpuid-20221003-1.fc35
git-archive-all-1.23.1-1.fc35
ibus-typing-booster-2.19.2-1.fc35
lua-expat-1.5.0-1.fc35
oz-0.18.1-5.fc35
php-phpmailer6-6.6.5-1.fc35
python-patsy-0.5.3-1.fc35
python-tabulate-0.8.10-10.fc35
rpkg-1.65-3.fc35
rpmconf-1.1.7-1.fc35.1
scala-2.13.10-1.fc35
Details about builds:
================================================================================
cpuid-20221003-1.fc35 (FEDORA-2022-89261a3c66)
Dumps information about the CPU(s)
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release 20221003 (closes rhbz#2131725)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 10 2022 Fabian Affolter <mail(a)fabian-affolter.ch> 20221003-1
- Update to latest upstream release 20221003 (closes rhbz#2131725)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2131725 - cpuid-20221003.src is available
https://bugzilla.redhat.com/show_bug.cgi?id=2131725
--------------------------------------------------------------------------------
================================================================================
git-archive-all-1.23.1-1.fc35 (FEDORA-2022-eebb975353)
Archive git repository with its submodules
--------------------------------------------------------------------------------
Update Information:
Include typing information in PyPI and source distributions.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 9 2022 Richard Shaw <hobbes1069(a)gmail.com> - 1.23.1-1
- Update to 1.23.1.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2131826 - git-archive-all-1.23.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2131826
--------------------------------------------------------------------------------
================================================================================
ibus-typing-booster-2.19.2-1.fc35 (FEDORA-2022-7ea9c97d79)
A completion input method
--------------------------------------------------------------------------------
Update Information:
Update to 2.19.2 Do not commit by index when OSK is visible (Resolves:
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/5865) Translation update
from Weblate (sw 100% complete) ---- Update to 2.19.1 Update emoji annotations
from CLDR Make search for input methods which contain uppercase in their names
work (Resolves:
https://github.com/mike-fabian/ibus-typing-booster/issues/387)
Translation update from Weblate (bn 73.8% complete)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 9 2022 Mike FABIAN <mfabian(a)redhat.com> - 2.19.2-1
- Update to 2.19.2
- Do not commit by index when OSK is visible
(Resolves:
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/5865)
- Translation update from Weblate (sw 100% complete)
* Wed Oct 5 2022 Mike FABIAN <mfabian(a)redhat.com> - 2.19.1-1
- Update to 2.19.1
- Update emoji annotations from CLDR
- Make search for input methods which contain uppercase in their names work
(Resolves:
https://github.com/mike-fabian/ibus-typing-booster/issues/387)
- Translation update from Weblate (bn 73.8% complete)
--------------------------------------------------------------------------------
================================================================================
lua-expat-1.5.0-1.fc35 (FEDORA-2022-4d7f7c1f82)
SAX XML parser based on the Expat library
--------------------------------------------------------------------------------
Update Information:
# LuaExpat 1.5.0 * Warning: this update requires a minimum libexpat version
of 2.4.0. Though at the time of writing a minimum version of 2.4.6 is
recommended [due to CVEs
fixed](https://www.cvedetails.com/vulnerability-
list.php?vendor_id=16735) in the intermediate versions. * Added option
`allowDTD` to the threat protection parser. * Add configuration for Billion
Laughs Attack prevention. This includes adding `#include "expat_config.h"`,
since these functions are conditionally included in the exposed API of Expat.
This means that LuaExpat will now be compiled using the same options used to
compile Expat itself. * Expose Expat compile time constants
(`lxp._EXPAT_FEATURES`), see [Expat
documentation](https://libexpat.github.io/doc/api/latest/#XML_GetFeatureList).
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
oz-0.18.1-5.fc35 (FEDORA-2022-8e0094ccad)
Library and utilities for automated guest OS installs
--------------------------------------------------------------------------------
Update Information:
Backport upstream patch to fix image generation on aarch64
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 3 2022 Stephen Gallagher <sgallagh(a)redhat.com> - 0.18.1-5
- Backport upstream patch to enable the USB controller on aarch64
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.18.1-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 0.18.1-3
- Rebuilt for Python 3.11
--------------------------------------------------------------------------------
================================================================================
php-phpmailer6-6.6.5-1.fc35 (FEDORA-2022-650ca41399)
Full-featured email creation and transfer class for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 6.6.5** (October 7th, 2022) * Don't try to issue RSET if there has
been a connection error * Reject attempts to add folders as attachments * Don't
suppress earlier error messages on close() * Handle Host === null better *
Update Danish and Polish translations * Change recommendation for Microsoft
OAuth package to thenetworg/oauth2-azure * Bump some GitHub action versions
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 10 2022 Remi Collet <remi(a)remirepo.net> - 6.6.5-1
- update to 6.6.5
--------------------------------------------------------------------------------
================================================================================
python-patsy-0.5.3-1.fc35 (FEDORA-2022-36745b49fc)
Describing statistical models in Python using symbolic formulas
--------------------------------------------------------------------------------
Update Information:
Update to 0.5.3: formal support for Python 3.10 and 3.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 10 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.5.3-1
- Update to 0.5.3 (close RHBZ#2133307)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2133307 - python-patsy-0.5.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2133307
--------------------------------------------------------------------------------
================================================================================
python-tabulate-0.8.10-10.fc35 (FEDORA-2022-8f05adcff8)
Pretty-print tabular data in Python, a library and a command-line utility
--------------------------------------------------------------------------------
Update Information:
Add a man page; various minor packaging enhancements
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 7 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> - 0.8.10-2
- Use pyproject-rpm-macros
- Adjust packaged documentation files
- Run doctests; see tox.ini, not in the sdist
- Tidy up package description
- Switch URL from PyPI project to GitHub project
- Add a man page
--------------------------------------------------------------------------------
================================================================================
rpkg-1.65-3.fc35 (FEDORA-2022-d3ee71263e)
Python library for interacting with rpm+git
--------------------------------------------------------------------------------
Update Information:
Some patches: - Fixes for exploded SRPM layouts - mockbuild: escape rpm command
under mock
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 10 2022 Ond��ej Nosek <onosek(a)redhat.com> - 1.65-3
- Patch: Fixes for exploded SRPM layouts
- Patch: mockbuild: escape rpm command under mock
--------------------------------------------------------------------------------
================================================================================
rpmconf-1.1.7-1.fc35.1 (FEDORA-2022-10767d096a)
Tool to handle rpmnew and rpmsave files
--------------------------------------------------------------------------------
Update Information:
exclude '/var/run' and do not infinitely loops.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 10 2022 Miroslav Such�� <msuchy(a)redhat.com> 1.1.7-1.1
- 133273] - avoid loops during clean action
* Tue Oct 4 2022 msuchy <msuchy(a)redhat.com> - 1.1.6-2.1
- rebuilt
* Tue Oct 4 2022 msuchy <msuchy(a)redhat.com> - 1.1.6-1.1
- rebuilt
* Mon Aug 29 2022 Miroslav Such�� <msuchy(a)redhat.com> 1.1.6-1
- Automatic commit of package [rpmconf] release [1.1.5-1].
- Create codeql-analysis.yml
* Thu Aug 25 2022 Miroslav Such�� <msuchy(a)redhat.com> 1.1.5-1
- typo
- add distribution buttons
- master to main in releasers
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2133273 - rpmconf -c check all directories because of /var/run/host symlink
https://bugzilla.redhat.com/show_bug.cgi?id=2133273
--------------------------------------------------------------------------------
================================================================================
scala-2.13.10-1.fc35 (FEDORA-2022-ac6ee31951)
Hybrid functional/object-oriented language for the JVM
--------------------------------------------------------------------------------
Update Information:
After release, it was discovered that Scala 2.13.9 has a regression, primarily
affecting library maintainers, where binary-incompatible bytecode is emitted for
case classes which are also value classes (`case class ... extends AnyVal`).
Version 2.13.10 addresses this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 10 2022 Jerry James <loganjerry(a)gmail.com> - 2.13.10-1
- Version 2.13.10
- Remove font dependencies from main package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2133231 - scala-2.13.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2133231
--------------------------------------------------------------------------------