The following Fedora 36 Security updates need testing:
Age URL
35
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3f20cdb0eb
booth-1.0-262.2.d0ac26c.git.fc36
31
https://bodhi.fedoraproject.org/updates/FEDORA-2022-f94f770b56
ghostscript-9.56.1-1.fc36
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-b9ef7c3c3c
subscription-manager-cockpit-4-1.fc36
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-50e8a1b51d
libtar-1.2.20-25.fc36
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-47484afa15
tcpreplay-4.4.2-1.fc36
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-52d0032596
rubygem-puma-5.5.2-3.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-f9a8388e62 exim-4.96-2.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-6813a0eb99
autotrace-0.31.9-1.fc36
The following Fedora 36 Critical Path updates have yet to be approved:
Age URL
13
https://bodhi.fedoraproject.org/updates/FEDORA-2022-eda09579ab
s390utils-2.23.0-1.fc36
8
https://bodhi.fedoraproject.org/updates/FEDORA-2022-84e8c5efde glibc-2.35-16.fc36
8
https://bodhi.fedoraproject.org/updates/FEDORA-2022-610322a65f ipset-7.15-5.fc36
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-38099c7b10 pungi-4.3.6-1.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3e63844f24
redhat-rpm-config-222-1.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-cc7ca2cdad
osinfo-db-20220830-1.fc36
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e63fe833f9 fwupd-1.8.4-2.fc36
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-68cec52cee git-2.37.3-1.fc36
The following builds have been pushed to Fedora 36 updates-testing
FAudio-22.09-1.fc36
OpenImageIO-2.3.19.0-1.fc36
archlinux-keyring-20220831-3.fc36
baresip-2.7.0-1.fc36
castxml-0.4.6-1.fc36
cloudcompare-2.11.3-4.fc36
fotoxx-22.31-1.fc36
golang-github-uber-tally-4.1.2-2.fc36
ibus-typing-booster-2.18.10-1.fc36
legendary-0.20.28-1.fc36
libre-2.7.0-1.fc36
librem-2.7.0-1.fc36
mediawiki-1.37.4-1.fc36
muffin-5.2.1-2.fc36
perl-Test2-Harness-1.0.127-1.fc36
python-gnupg-0.5.0-1.fc36
python-janus-1.0.0-2.fc36
python-name-that-hash-1.10-6.fc36
python-ovh-1.0.0-2.fc36
qt5-qtwebengine-5.15.10-1.fc36
rust-wezterm-dynamic-0.1.0-1.fc36
vim-9.0.348-1.fc36
Details about builds:
================================================================================
FAudio-22.09-1.fc36 (FEDORA-2022-3dcf5144fa)
FNA is a reimplementation of the Microsoft XNA Game Studio 4.0 Refresh libraries
--------------------------------------------------------------------------------
Update Information:
New Features: Update to SDL 2.24. This has been made a hard requirement, as
it fixes/adds way too much to ignore: 2.1 and 4.1 audio is now supported
On Windows, we now prioritize DirectSound over WASAPI The PulseAudio
samples hack has been removed The non-power-of-two samples hack for
Emscripten/OSS has also been removed GetDeviceDetails(0) now uses
SDL_GetDefaultAudioInfo, obsoleting our hack
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 1 2022 Michael Cronenworth <mike(a)cchtml.com> - 22.09-1
- Update to 22.09
* Thu Aug 25 2022 Michael Cronenworth <mike(a)cchtml.com> - 22.08-2
- Include MinGW debuginfo packages
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2123511 - FAudio-22.09 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2123511
--------------------------------------------------------------------------------
================================================================================
OpenImageIO-2.3.19.0-1.fc36 (FEDORA-2022-d88847e086)
Library for reading and writing images
--------------------------------------------------------------------------------
Update Information:
See release notes:
https://github.com/OpenImageIO/oiio/releases/tag/v2.3.19.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 1 2022 Richard Shaw <hobbes1069(a)gmail.com> - 2.3.19.0-1
- Update to 2.3.19.0.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2123296 - OpenImageIO-2.3.19.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2123296
--------------------------------------------------------------------------------
================================================================================
archlinux-keyring-20220831-3.fc36 (FEDORA-2022-b10e9376eb)
GPG keys used by Arch distribution to sign packages
--------------------------------------------------------------------------------
Update Information:
Version 20220831 (#2122898)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 1 2022 Frantisek Sumsal <frantisek(a)sumsal.cz> 20220831-3
- Actually build-require systemd
* Thu Sep 1 2022 Frantisek Sumsal <frantisek(a)sumsal.cz> 20220831-2
- Build-require systemd-rpm-macros for %{_unitdir}
* Thu Sep 1 2022 Frantisek Sumsal <frantisek(a)sumsal.cz> 20220831-1
- Version 20220831 (#2122898)
* Thu Sep 1 2022 Frantisek Sumsal <frantisek(a)sumsal.cz> 20220727-2
- version-update: allow overriding the default FAS username
--------------------------------------------------------------------------------
================================================================================
baresip-2.7.0-1.fc36 (FEDORA-2022-becced843a)
Modular SIP user-agent with audio and video support
--------------------------------------------------------------------------------
Update Information:
# Baresip v2.7.0 (2022-09-01) - menu: fix `menu_ua_carg` data preference -
call: remember media dir for established state - avformat: fix ffmpeg
`channel_layout` deprecation - cmake: add multicast module - play: ring tone
fixes if `file_ausrc` is set - add peerconnection and mediatrack -
main,test: close re async before `tmr_debug` - http: new file for HTTP
functions - http: add `http_reply_json()` - play: `tmr_polling` has to check
if `ausrc` is used - cmake: use object instead of static for modules - [WIP]
import baresip-webrtc - FindAMR.cmake fixes/improvements - cmake: fix
modules install path and install share files - hook up webrtc to main cmake
file - avformat: check shared for both audio+video - cmake: add V4L2 module
- Omx remove - cmake: add directfb module - main,webrtc/main: add
`re_thread_async_init` - cmake: add wincons and winwave modules - cmake: add
sndfile module - Mention actual GTK+ 3 usage (instead of 2) in `README.md` -
ctrl_tcp: change unsafe operations on an mbuf to the safe mbuf interface -
gzrtp: Call event hander when SAS needs to be verified - Generate also
`MENC_EVENT_PEER_VERIFIED` event - gzrtp: Generate only one
`MENC_EVENT_PEER_VERIFIED` event when all streams are verified - config,net:
add `use_getaddrinfo`/`dns_getaddrinfo` option - cmake: `add_compile_options`
and use re config - cmake/modules: build syslog only if available - cmake:
add selftest - cmake: add win32 linklibs - cmake: add mqtt - Improve C11
cchecks - Added cmake of gzrtp module - Gzrtp cmake - Added cmake of
webrtc_aecm module - Suppressed unused var warnings in webrtc_aecm module -
call: do not set call state to answered, if session progress (PRACK) # librem
v2.7.0 (2022-09-01) - cmake: add FindRE and use `re-config.cmake` for
definitions - Fixed prefix in Debian `librem.pc` # librem v2.7.0 (2022-09-01)
- async: add `re_thread_async` - atomic: Add support for gcc `__sync`
intrinsics - btrace: fix gcc 4.3.5 warnings - h264: fix gcc 4.3.5 warnings
- async: add guard - dns/client: add async `getaddrinfo` usage - async: make
work handler and callback optional - Add a state update action to the main
loop to unblock polling if another thread has affected the state - dns,net:
fix build of `asyn_getaddrinfo` on gcc 4.3.5 - dns/client: fix `getaddrinfo`
duplicates - http/client: fix `dnsc_conf` initialization - tmr:
`tmr_start_dbg` use const char for file arg - base64: Encoding/Decoding with
URL and Filename Safe Alphabet - misc: fix c11 err handling - cmake: move
definitions to `re-config.cmake` - ci/mingw: fix make retest - cmake: add
pkgconfig - Fix error: `NI_MAXSERV` undeclared - Fix error: storage size of
`ifrr` isn���t known - ci/musl: add alpine/musl build - Correctly update local
media format ids to match those in the offer - debian: fix prefix
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 1 2022 Robert Scheck <robert(a)fedoraproject.org> 2.7.0-1
- Upgrade to 2.7.0 (#2123475)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2123475 - baresip-2.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2123475
[ 2 ] Bug #2123484 - librem-2.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2123484
--------------------------------------------------------------------------------
================================================================================
castxml-0.4.6-1.fc36 (FEDORA-2022-b265fafd06)
C-family abstract syntax tree XML output tool
--------------------------------------------------------------------------------
Update Information:
CastXML 0.4.6
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 1 2022 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 0.4.6-1
- Update to version 0.4.6
* Wed Jul 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.4.5-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri May 20 2022 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 0.4.5-2
- Rebuild for llvm/clang 13 (EPEL 8)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2123195 - castxml-0.4.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2123195
--------------------------------------------------------------------------------
================================================================================
cloudcompare-2.11.3-4.fc36 (FEDORA-2022-8d01b8b6d3)
3D point cloud and mesh processing software
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2021-21897
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 25 2022 Miro Hron��ok <mhroncok(a)redhat.com> - 2.11.3-4
- Security fix for CVE-2021-21897
- Fixes: rhbz#2080986
* Wed Jul 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.11.3-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Sat May 21 2022 Sandro Mani <manisandro(a)gmail.com> - 2.11.3-2
- Rebuild for gdal-3.5.0 and/or openjpeg-2.5.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2080983 - CVE-2021-21897 libdxflib: heap-based buffer overflow in the
DL_Dxf:handleLWPolylineData function
https://bugzilla.redhat.com/show_bug.cgi?id=2080983
--------------------------------------------------------------------------------
================================================================================
fotoxx-22.31-1.fc36 (FEDORA-2022-93d4ea6f7b)
Photo editor
--------------------------------------------------------------------------------
Update Information:
22.31
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 1 2022 Gwyn Ciesla <gwync(a)protonmail.com> - 22.31-1
- 22.31
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2123283 - fotoxx-22.31 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2123283
--------------------------------------------------------------------------------
================================================================================
golang-github-uber-tally-4.1.2-2.fc36 (FEDORA-2022-b3b10121b8)
A Go metrics interface with fast buffered metrics and third party reporters
--------------------------------------------------------------------------------
Update Information:
Update to 4.1.2 and fix ftbfs
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 1 2022 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> 4.1.2-2
- Skip m3 test also for armv7hl
* Thu Sep 1 2022 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> 4.1.2-1
- Update to 4.1.2 - Closes rhbz#2025732 rhbz#2045623
* Wed Aug 10 2022 Maxwell G <gotmax(a)e.email> - 4.0.1-4
- Rebuild to fix FTBFS
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.1-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
ibus-typing-booster-2.18.10-1.fc36 (FEDORA-2022-538a0cc6f9)
A completion input method
--------------------------------------------------------------------------------
Update Information:
Update to 2.18.10 Add functions to get and set variables for m17n input methods
Update emoji annotations from CLDR Translation update from Weblate (bn added 42%
complete) Test cases for bn-national-jatiya.mim Add more icons in different
sizes to the appdata.xml files Stop calling self.set_wmclass('emoji-picker',
'Emoji Picker') (avoid deprecation warning)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 1 2022 Mike FABIAN <mfabian(a)redhat.com> - 2.18.10-1
- Update to 2.18.10
- Add functions to get and set variables for m17n input methods
- Update emoji annotations from CLDR
- Translation update from Weblate (bn added 42% complete)
- Test cases for bn-national-jatiya.mim
- Add more icons in different sizes to the appdata.xml files
- Stop calling self.set_wmclass('emoji-picker', 'Emoji Picker') (avoid
deprecation warning)
--------------------------------------------------------------------------------
================================================================================
legendary-0.20.28-1.fc36 (FEDORA-2022-c0b4690397)
Free and open-source replacement for the Epic Games Launcher
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 1 2022 Artem Polishchuk <ego.cordatus(a)gmail.com> 0.20.28-1
- chore(update): 0.20.28
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> 0.20.27-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2123217 - legendary-0.20.28 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2123217
--------------------------------------------------------------------------------
================================================================================
libre-2.7.0-1.fc36 (FEDORA-2022-becced843a)
Library for real-time communications and SIP stack
--------------------------------------------------------------------------------
Update Information:
# Baresip v2.7.0 (2022-09-01) - menu: fix `menu_ua_carg` data preference -
call: remember media dir for established state - avformat: fix ffmpeg
`channel_layout` deprecation - cmake: add multicast module - play: ring tone
fixes if `file_ausrc` is set - add peerconnection and mediatrack -
main,test: close re async before `tmr_debug` - http: new file for HTTP
functions - http: add `http_reply_json()` - play: `tmr_polling` has to check
if `ausrc` is used - cmake: use object instead of static for modules - [WIP]
import baresip-webrtc - FindAMR.cmake fixes/improvements - cmake: fix
modules install path and install share files - hook up webrtc to main cmake
file - avformat: check shared for both audio+video - cmake: add V4L2 module
- Omx remove - cmake: add directfb module - main,webrtc/main: add
`re_thread_async_init` - cmake: add wincons and winwave modules - cmake: add
sndfile module - Mention actual GTK+ 3 usage (instead of 2) in `README.md` -
ctrl_tcp: change unsafe operations on an mbuf to the safe mbuf interface -
gzrtp: Call event hander when SAS needs to be verified - Generate also
`MENC_EVENT_PEER_VERIFIED` event - gzrtp: Generate only one
`MENC_EVENT_PEER_VERIFIED` event when all streams are verified - config,net:
add `use_getaddrinfo`/`dns_getaddrinfo` option - cmake: `add_compile_options`
and use re config - cmake/modules: build syslog only if available - cmake:
add selftest - cmake: add win32 linklibs - cmake: add mqtt - Improve C11
cchecks - Added cmake of gzrtp module - Gzrtp cmake - Added cmake of
webrtc_aecm module - Suppressed unused var warnings in webrtc_aecm module -
call: do not set call state to answered, if session progress (PRACK) # librem
v2.7.0 (2022-09-01) - cmake: add FindRE and use `re-config.cmake` for
definitions - Fixed prefix in Debian `librem.pc` # librem v2.7.0 (2022-09-01)
- async: add `re_thread_async` - atomic: Add support for gcc `__sync`
intrinsics - btrace: fix gcc 4.3.5 warnings - h264: fix gcc 4.3.5 warnings
- async: add guard - dns/client: add async `getaddrinfo` usage - async: make
work handler and callback optional - Add a state update action to the main
loop to unblock polling if another thread has affected the state - dns,net:
fix build of `asyn_getaddrinfo` on gcc 4.3.5 - dns/client: fix `getaddrinfo`
duplicates - http/client: fix `dnsc_conf` initialization - tmr:
`tmr_start_dbg` use const char for file arg - base64: Encoding/Decoding with
URL and Filename Safe Alphabet - misc: fix c11 err handling - cmake: move
definitions to `re-config.cmake` - ci/mingw: fix make retest - cmake: add
pkgconfig - Fix error: `NI_MAXSERV` undeclared - Fix error: storage size of
`ifrr` isn���t known - ci/musl: add alpine/musl build - Correctly update local
media format ids to match those in the offer - debian: fix prefix
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 1 2022 Robert Scheck <robert(a)fedoraproject.org> 2.7.0-1
- Upgrade to 2.7.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2123475 - baresip-2.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2123475
[ 2 ] Bug #2123484 - librem-2.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2123484
--------------------------------------------------------------------------------
================================================================================
librem-2.7.0-1.fc36 (FEDORA-2022-becced843a)
Library for real-time audio and video processing
--------------------------------------------------------------------------------
Update Information:
# Baresip v2.7.0 (2022-09-01) - menu: fix `menu_ua_carg` data preference -
call: remember media dir for established state - avformat: fix ffmpeg
`channel_layout` deprecation - cmake: add multicast module - play: ring tone
fixes if `file_ausrc` is set - add peerconnection and mediatrack -
main,test: close re async before `tmr_debug` - http: new file for HTTP
functions - http: add `http_reply_json()` - play: `tmr_polling` has to check
if `ausrc` is used - cmake: use object instead of static for modules - [WIP]
import baresip-webrtc - FindAMR.cmake fixes/improvements - cmake: fix
modules install path and install share files - hook up webrtc to main cmake
file - avformat: check shared for both audio+video - cmake: add V4L2 module
- Omx remove - cmake: add directfb module - main,webrtc/main: add
`re_thread_async_init` - cmake: add wincons and winwave modules - cmake: add
sndfile module - Mention actual GTK+ 3 usage (instead of 2) in `README.md` -
ctrl_tcp: change unsafe operations on an mbuf to the safe mbuf interface -
gzrtp: Call event hander when SAS needs to be verified - Generate also
`MENC_EVENT_PEER_VERIFIED` event - gzrtp: Generate only one
`MENC_EVENT_PEER_VERIFIED` event when all streams are verified - config,net:
add `use_getaddrinfo`/`dns_getaddrinfo` option - cmake: `add_compile_options`
and use re config - cmake/modules: build syslog only if available - cmake:
add selftest - cmake: add win32 linklibs - cmake: add mqtt - Improve C11
cchecks - Added cmake of gzrtp module - Gzrtp cmake - Added cmake of
webrtc_aecm module - Suppressed unused var warnings in webrtc_aecm module -
call: do not set call state to answered, if session progress (PRACK) # librem
v2.7.0 (2022-09-01) - cmake: add FindRE and use `re-config.cmake` for
definitions - Fixed prefix in Debian `librem.pc` # librem v2.7.0 (2022-09-01)
- async: add `re_thread_async` - atomic: Add support for gcc `__sync`
intrinsics - btrace: fix gcc 4.3.5 warnings - h264: fix gcc 4.3.5 warnings
- async: add guard - dns/client: add async `getaddrinfo` usage - async: make
work handler and callback optional - Add a state update action to the main
loop to unblock polling if another thread has affected the state - dns,net:
fix build of `asyn_getaddrinfo` on gcc 4.3.5 - dns/client: fix `getaddrinfo`
duplicates - http/client: fix `dnsc_conf` initialization - tmr:
`tmr_start_dbg` use const char for file arg - base64: Encoding/Decoding with
URL and Filename Safe Alphabet - misc: fix c11 err handling - cmake: move
definitions to `re-config.cmake` - ci/mingw: fix make retest - cmake: add
pkgconfig - Fix error: `NI_MAXSERV` undeclared - Fix error: storage size of
`ifrr` isn���t known - ci/musl: add alpine/musl build - Correctly update local
media format ids to match those in the offer - debian: fix prefix
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 1 2022 Robert Scheck <robert(a)fedoraproject.org> 2.7.0-1
- Upgrade to 2.7.0 (#2123484)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2123475 - baresip-2.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2123475
[ 2 ] Bug #2123484 - librem-2.7.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2123484
--------------------------------------------------------------------------------
================================================================================
mediawiki-1.37.4-1.fc36 (FEDORA-2022-f83aec6d57)
A wiki engine
--------------------------------------------------------------------------------
Update Information:
MediaWiki 1.37.4 This is a maintenance release of the MediaWiki 1.37 branch.
Changes since MediaWiki 1.37.3 Localisation updates. (T311568)
UploadBase::setTempFile() handle $tempPath being passed as null. (T311559)
SpecialListFiles: user parameter isn't always present. (T311561)
ImageListPager: Don't call htmlspecialchars() on null. (T311920)
SpecialBlockList: Prevent passing null to trim(). (T311921)
SpecialUserrights: Don't pass null to str_replace. (T311570)
SpecialWithoutInterwiki: Don't pass null through to Title::capitalize().
(T311574, T311576) SpecialLinkSearch: Don't pass null through to the parser.
(T312059) Update guzzlehttp/guzzle to 7.4.5 in vendor. (T296435, T297669)
cache: Add four fields to LinkCache::getSelectFields. MediaWiki 1.37.3 This is
a security and maintenance release of the MediaWiki 1.37 branch. Changes since
MediaWiki 1.37.2 Localisation updates. (T289879) Type hints for
ArrayAccess and JsonSerializable. (T304783) TemplateParser: avoid warnings
when called by NoLocalSettings. Rebuilt vendor with composer 2.3.3. Fix
old_name in UserLogoutComplete hook. (T289879) Address some deprecations for
PHP 8.1. (T193565) UserGroupManager: Fix dbDomain in addUserToGroup()
deferred update. (T309114) LocalFile::prerenderThumbnails: Limit the number
of thumbnail jobs triggered. (T307982) Updated wikimedia/parsoid from
v0.14.0 to v0.14.1. (T308471) SECURITY: Escape welcomeuser message passed to
showSuccessPage(). (T308473) SECURITY: Escape contributions-title msg for
use within page title. (T311272) Call parent constructor of AddSite
maintenance script first. MediaWiki: Don't eagerly initialize action name.
Updated wikimedia/shellbox from v2.0.0 to v2.1.1. (T311384, CVE-2022-27776)
Updated guzzlehttp/guzzle from 7.2.0 to 7.4.5. (T289926) Avoid passing null
to trim() in SkinTemplate. (T311473) rollbackEdits: Pass user identity to
RollbackPage. (T307282) Avoid passing null to strcasecmp(), for PHP 8.1.
(T311551) ShellboxClientFactory::getUrl(): Check if $this->key is null.
(T311552) ChangesListSpecialPage: Don't pass null to FormatJson::decode().
(T311569) FileBackend::isStoragePath() Handle being passed null. (T311544)
Pass int to ApiUsageException::newWithMessage()'s $httpCode param. (T311678)
SpecialEditWatchlist: Prevent passing null to strtolower(). (T281741)
ChangeTags: Fix adding CSS classes for hidden tags. (T296642) changetags:
Fix management of a '0' tag. (T311554) ChangeTags: Return early in
formatSummaryRow() if $tags === null. (T303033) Handle null in
ChangeTags::modifyDisplayQuery. Updated wikimedia/common-passwords from
0.3.0 to 0.4.0.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 1 2022 Michael Cronenworth <mike(a)cchtml.com> - 1.37.4-1
- Update to 1.37.4
-
https://www.mediawiki.org/wiki/Release_notes/1.37#MediaWiki_1.37.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2101639 - MediaWiki 1.37.2 pulls in version of dependency (Parsoid 0.14.0)
broken with PHP 8.1
https://bugzilla.redhat.com/show_bug.cgi?id=2101639
[ 2 ] Bug #2102955 - mediawiki-1.38.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2102955
[ 3 ] Bug #2112771 - CVE-2022-34911 mediawiki: Cross-site Scripting [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2112771
[ 4 ] Bug #2112773 - CVE-2022-34912 mediawiki: Username not escaped in the
contributions-title message [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2112773
--------------------------------------------------------------------------------
================================================================================
muffin-5.2.1-2.fc36 (FEDORA-2022-a54714e1f8)
Window and compositing manager based on Clutter
--------------------------------------------------------------------------------
Update Information:
- Remove muffin binary
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 2 2022 Leigh Scott <leigh123linux(a)gmail.com> - 5.2.1-2
- Remove muffin binary
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2101419 - Muffin doesn't work by itself
https://bugzilla.redhat.com/show_bug.cgi?id=2101419
--------------------------------------------------------------------------------
================================================================================
perl-Test2-Harness-1.0.127-1.fc36 (FEDORA-2022-d4ab3318cf)
Test2 Harness designed for the Test2 event system
--------------------------------------------------------------------------------
Update Information:
This release removes an unnecessary dependency on Carp::Always. ---- This
release adds a yath resources subcommand to inspect resource usage.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 1 2022 Petr Pisar <ppisar(a)redhat.com> - 1.0.127-1
- 1.000127 bump
* Wed Aug 31 2022 Petr Pisar <ppisar(a)redhat.com> - 1.0.126-1
- 1.000126 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2122787 - perl-Test2-Harness-1.000126 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2122787
[ 2 ] Bug #2123062 - perl-Test2-Harness-1.000127 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2123062
--------------------------------------------------------------------------------
================================================================================
python-gnupg-0.5.0-1.fc36 (FEDORA-2022-6c12c9ff6d)
A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
--------------------------------------------------------------------------------
Update Information:
update to 0.5.0, mostly build changes, minor fixes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 31 2022 Paul Wouters <paul.wouters(a)aiven.io - 0.5.0-1
- update to 0.5.0
- Use newer pyproject python macros
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.4.8-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 0.4.8-3
- Rebuilt for Python 3.11
--------------------------------------------------------------------------------
================================================================================
python-janus-1.0.0-2.fc36 (FEDORA-2022-ad0b20b6be)
Thread-safe asyncio-aware queue for Python
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 12 2022 Roman Inflianskas <rominf(a)aiven.io> - 1.0.0-2
- Actually include LICENSE file
* Fri Aug 5 2022 Roman Inflianskas <rominf(a)aiven.io> - 1.0.0-1
- Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2115797 - Review Request: python-janus - Thread-safe asyncio-aware queue for
Python
https://bugzilla.redhat.com/show_bug.cgi?id=2115797
--------------------------------------------------------------------------------
================================================================================
python-name-that-hash-1.10-6.fc36 (FEDORA-2022-e869849cb4)
The Modern Hash Identification System
--------------------------------------------------------------------------------
Update Information:
Update to be able to build after
https://bodhi.fedoraproject.org/updates/FEDORA-2022-5bed6befa3 has bumped rich
to version 12
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> 1.10-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jun 14 2022 Python Maint <python-maint(a)redhat.com> 1.10-5
- Rebuilt for Python 3.11
* Sat Mar 19 2022 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> 1.10-4
- Patch to update deptree to enable rawhide/F37 build - Closes rhbz#2064645
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2123474 - F36FailsToInstall: python3-name-that-hash
https://bugzilla.redhat.com/show_bug.cgi?id=2123474
--------------------------------------------------------------------------------
================================================================================
python-ovh-1.0.0-2.fc36 (FEDORA-2022-cc5edd1706)
Lightweight wrapper around OVHcloud's APIs
--------------------------------------------------------------------------------
Update Information:
Initial package (rhbz#2106063)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Aug 12 2022 Roman Inflianskas <rominf(a)aiven.io> - 1.0.0-2
- Add documentation
* Mon Jul 11 2022 Roman Inflianskas <rominf(a)aiven.io> - 1.0.0-1
- Initial package (rhbz#2106063)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2106063 - Review Request: python-ovh - Lightweight wrapper around
OVHcloud's APIs
https://bugzilla.redhat.com/show_bug.cgi?id=2106063
--------------------------------------------------------------------------------
================================================================================
qt5-qtwebengine-5.15.10-1.fc36 (FEDORA-2022-8c43b4dce7)
Qt5 - QtWebEngine components
--------------------------------------------------------------------------------
Update Information:
Update to 5.15.10 LTS
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 29 2022 Ankur Sinha <ankursinha AT fedoraproject DOT org> - 5.15.10-1
- Update to 5.15.10
* Tue Aug 2 2022 Frantisek Zatloukal <fzatlouk(a)redhat.com> - 5.15.9-5
- Rebuilt for ICU 71.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2079655 - QtWebEngine 5.15.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2079655
--------------------------------------------------------------------------------
================================================================================
rust-wezterm-dynamic-0.1.0-1.fc36 (FEDORA-2022-344a3e6a89)
Config serialization for wezterm via dynamic json-like data values
--------------------------------------------------------------------------------
Update Information:
Initial import; Fixes: RHBZ#2118892
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 2 2022 Davide Cavalca <dcavalca(a)fedoraproject.org> 0.1.0-1
- Initial import; Fixes: RHBZ#2118892
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2118892 - Review Request: rust-wezterm-dynamic - Config serialization for
wezterm via dynamic json-like data values
https://bugzilla.redhat.com/show_bug.cgi?id=2118892
--------------------------------------------------------------------------------
================================================================================
vim-9.0.348-1.fc36 (FEDORA-2022-221bd89404)
The VIM editor
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-3037
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 1 2022 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:9.0.348-1
- patchlevel 348
* Tue Aug 30 2022 Zdenek Dohnal <zdohnal(a)redhat.com> - 2:9.0.327-1
- patchlevel 327
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2122907 - CVE-2022-3037 vim: use after free in function qf_buf_add_line( )
https://bugzilla.redhat.com/show_bug.cgi?id=2122907
--------------------------------------------------------------------------------