The following Fedora 35 Security updates need testing:
Age URL
172
https://bodhi.fedoraproject.org/updates/FEDORA-2022-2e85e6cfc9
libdxfrw-1.0.1-3.fc35 librecad-2.2.0-0.13.rc3.fc35
164
https://bodhi.fedoraproject.org/updates/FEDORA-2022-dfc6924a11
mysql-connector-java-8.0.28-1.fc35
12
https://bodhi.fedoraproject.org/updates/FEDORA-2022-2a5de7cb8b git-2.37.1-1.fc35
12
https://bodhi.fedoraproject.org/updates/FEDORA-2022-573714ca6b
xorg-x11-server-1.20.14-7.fc35
12
https://bodhi.fedoraproject.org/updates/FEDORA-2022-8e787b2a5c
xorg-x11-server-Xwayland-21.1.4-2.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-0102ccc2a2
chromium-103.0.5060.114-1.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e57547c384 osmo-0.4.4-2.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-5b5889f43a lua-5.4.4-3.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-0dbfb7e270
gnupg1-1.4.23-18.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ac58de6e98
mingw-harfbuzz-2.9.1-2.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-91f353b8be giflib-5.2.1-9.fc35
mingw-giflib-5.2.1-7.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-7bc84ae2cc xen-4.15.3-3.fc35
The following Fedora 35 Critical Path updates have yet to be approved:
Age URL
45
https://bodhi.fedoraproject.org/updates/FEDORA-2022-57015a1d06
binutils-2.37-20.fc35
17
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3bee8e2cf1
unbound-1.16.0-4.fc35
13
https://bodhi.fedoraproject.org/updates/FEDORA-2022-bf929f5402 koji-1.29.1-1.fc35
13
https://bodhi.fedoraproject.org/updates/FEDORA-2022-37913de00f rpm-4.17.1-2.fc35
12
https://bodhi.fedoraproject.org/updates/FEDORA-2022-76e3f59c27
libidn2-2.3.3-1.fc35
12
https://bodhi.fedoraproject.org/updates/FEDORA-2022-be979081b2 inih-56-1.fc35
12
https://bodhi.fedoraproject.org/updates/FEDORA-2022-8e787b2a5c
xorg-x11-server-Xwayland-21.1.4-2.fc35
12
https://bodhi.fedoraproject.org/updates/FEDORA-2022-573714ca6b
xorg-x11-server-1.20.14-7.fc35
12
https://bodhi.fedoraproject.org/updates/FEDORA-2022-a540c39ed0
wireplumber-0.4.11-2.fc35
12
https://bodhi.fedoraproject.org/updates/FEDORA-2022-2a5de7cb8b git-2.37.1-1.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-4b3c2b910c
boost-1.76.0-5.fc35
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-45b56e5c67
appstream-data-35-7.fc35
8
https://bodhi.fedoraproject.org/updates/FEDORA-2022-d32aab1a2a
linux-firmware-20220708-136.fc35
7
https://bodhi.fedoraproject.org/updates/FEDORA-2022-daa7f3dd9a
zenity-3.41.0-2.fc35
7
https://bodhi.fedoraproject.org/updates/FEDORA-2022-4959d44f65
fedora-release-35-37
7
https://bodhi.fedoraproject.org/updates/FEDORA-2022-4dc0e29a1a sssd-2.7.3-1.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-5b5889f43a lua-5.4.4-3.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-4fe37ead8d
ca-certificates-2022.2.54-1.0.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-91f353b8be giflib-5.2.1-9.fc35
mingw-giflib-5.2.1-7.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-7ed280c0cd
python-rpm-macros-3.10-12.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-22962d0bed
libwebp-1.2.3-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-4b663b23a9
setup-2.14.1-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-d01103f090
xdg-desktop-portal-1.12.5-1.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-7bc84ae2cc xen-4.15.3-3.fc35
The following builds have been pushed to Fedora 35 updates-testing
ceph-16.2.10-1.fc35
java-1.8.0-openjdk-1.8.0.342.b07-1.fc35
java-11-openjdk-11.0.16.0.8-1.fc35
java-17-openjdk-17.0.4.0.8-1.fc35
java-latest-openjdk-18.0.2.0.9-1.rolling.fc35
lilypond-2.23.11-1.fc35
lilypond-doc-2.23.11-1.fc35
mingw-wine-gecko-2.47.2-5.fc35
mutter-41.8-2.fc35
nrpe-4.1.0-2.fc35
proftpd-1.3.7e-1.fc35
python-dask-2022.7.1-1.fc35~bootstrap
python-py-algorand-sdk-1.16.0-1.fc35
python-ujson-5.4.0-1.fc35
qatengine-0.6.14-1.fc35
rust-packaging-22-1.fc35
rust-srpm-macros-22-1.fc35
switchdesk-5.0.1-10.fc35
Details about builds:
================================================================================
ceph-16.2.10-1.fc35 (FEDORA-2022-6d129f14f2)
User space components of the Ceph file system
--------------------------------------------------------------------------------
Update Information:
ceph 16.2.10 GA Security fix for CVE-2022-0670
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 22 2022 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 2:16.2.10-1
- 16.2.10 GA
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2050728 - CVE-2022-0670 ceph: user/tenant can access (read/write) any share
https://bugzilla.redhat.com/show_bug.cgi?id=2050728
--------------------------------------------------------------------------------
================================================================================
java-1.8.0-openjdk-1.8.0.342.b07-1.fc35 (FEDORA-2022-80afe2304a)
OpenJDK 8 Runtime Environment
--------------------------------------------------------------------------------
Update Information:
# New in release OpenJDK 8u342 (2022-07-19) * The release announcement can be
found at:
https://bitly.com/openjdk8u342 * Full release details can be found at
https://builds.shipilev.net/backports-monitor/release-notes-openjdk8u342.txt ##
Security Fixes - JDK-8272243: Improve DER parsing - JDK-8272249: Better
properties of loaded Properties - JDK-8277608: Address IP Addressing -
JDK-8281859, CVE-2022-21540: Improve class compilation - JDK-8281866,
CVE-2022-21541: Enhance MethodHandle invocations - JDK-8283190: Improve MIDI
processing - JDK-8284370: Improve zlib usage - JDK-8285407, CVE-2022-34169:
Improve Xalan supports ## FIPS Changes *
[
RH2007331](https://bugzilla.redhat.com/show_bug.cgi?id=2007331): SecretKey
generate/import operations don't add the CKA_SIGN attribute in FIPS mode *
[
RH2051605](https://bugzilla.redhat.com/show_bug.cgi?id=2051605): Detect NSS at
Runtime for FIPS detection *
[
RH2036462](https://bugzilla.redhat.com/show_bug.cgi?id=2036462):
sun.security.pkcs11.wrapper.PKCS11.getInstance breakage *
[
RH2090378](https://bugzilla.redhat.com/show_bug.cgi?id=2090378): Revert to
disabling system security properties and FIPS mode support together * Depend on
`crypto-policies` package at build-time and run-time ## Other Changes * Add
javaver- and origin-specific javadoc and javadoczip alternatives (thanks to FeRD
(Frank Dana) <ferdnyc(a)gmail.com>) ## JDK-8215293: Customizing PKCS12 keystore
Generation New system and security properties have been added to enable users
to customize the generation of PKCS #12 keystores. This includes algorithms and
parameters for key protection, certificate protection, and MacData. The detailed
explanation and possible values for these properties can be found in the "PKCS12
KeyStore properties" section of the `java.security` file. Also, support for the
following SHA-2 based HmacPBE algorithms has been added to the SunJCE provider:
* HmacPBESHA224 * HmacPBESHA256 * HmacPBESHA384 * HmacPBESHA512 *
HmacPBESHA512/224 * HmacPBESHA512/256
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 24 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.342.b07-1
- Update to shenandoah-jdk8u342-b07 (GA)
- Update release notes for 8u342-b07.
- Switch to GA mode for final release.
- Exclude x86 where java_arches is undefined, in order to unbreak build
* Fri Jul 22 2022 Jiri Vanek <gnu.andrew(a)redhat.com> - 1:1.8.0.342.b06-0.4.ea
- moved to build only on %{java_arches}
--
https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs
- reverted :
-- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild (always mess up
release)
-- Try to build on x86 again by creating a husk of a JDK which does not depend on itself
-- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable
-- Reinstate demo package on x86
-- Temporarily disable noarch status of javadoc and javadoc-zip so x86 can differ
-- Replaced binaries and .so files with bash-stubs on i686
- added ExclusiveArch: %{java_arches}
-- this now excludes i686
-- this is safely backport-able to older fedoras, as the macro was backported proeprly
(with i686 included)
-
https://bugzilla.redhat.com/show_bug.cgi?id=2104129
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:1.8.0.342.b06-0.3.ea.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 19 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.342.b06-0.3.ea
- Reinstate demo package on x86
* Mon Jul 18 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.342.b06-0.2.ea
- Temporarily disable noarch status of javadoc and javadoc-zip so x86 can differ
* Mon Jul 18 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.342.b06-0.2.ea
- Try to build on x86 again by creating a husk of a JDK which does not depend on itself
* Sun Jul 17 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.342.b06-0.1.ea
- Update to shenandoah-jdk8u342-b06 (EA)
- Update release notes for shenandoah-8u342-b06.
- Switch to EA mode for 8u342 pre-release builds.
- Print release file during build, which should now include a correct SOURCE value from
.src-rev
- Update tarball script with IcedTea GitHub URL and .src-rev generation
- Use "git apply" with patches in the tarball script to allow binary diffs
- Remove redundant "REPOS" variable from tarball script
- Include script to generate bug list for release notes
- Update tzdata requirement to 2022a to match JDK-8283350
* Sun Jul 17 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.332.b09-2
- Rebase FIPS patches from fips branch and simplify by using a single patch from that
repository
- * RH2051605: Detect NSS at Runtime for FIPS detection
- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
- * RH2090378: Revert to disabling system security properties and FIPS mode support
together
- Turn off build-time NSS linking and go back to an explicit Requires on NSS
- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
- Perform configuration changes (e.g. nss.cfg, nss.fips.cfg, tzdb.dat) in installjdk
- Enable system security properties in the RPM (now disabled by default in the FIPS repo)
- Improve security properties test to check both enabled and disabled behaviour
- Run security properties test with property debugging on
- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable
* Thu Jul 14 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:1.8.0.332.b09-2
- Explicitly require crypto-policies during build and runtime for system security
properties
* Thu Jul 14 2022 FeRD (Frank Dana) <ferdnyc(a)gmail.com> - 1:1.8.0.332.b09-2
- Add javaver- and origin-specific javadoc and javadoczip alternatives.
* Fri Jul 1 2022 Stephan Bergmann <sbergman(a)redhat.com> - 1:1.8.0.332.b09-2
- Disable copy-jdk-configs for Flatpak builds
- Fix flatpak builds by exempting them from bootstrap
* Thu Jun 30 2022 Francisco Ferrari Bihurriet <fferrari(a)redhat.com> -
1:1.8.0.332.b09-2
- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in
FIPS mode
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2036462 - rh1991003 patch breaks
sun.security.pkcs11.wrapper.PKCS11.getInstance()
https://bugzilla.redhat.com/show_bug.cgi?id=2036462
--------------------------------------------------------------------------------
================================================================================
java-11-openjdk-11.0.16.0.8-1.fc35 (FEDORA-2022-d26586b419)
OpenJDK 11 Runtime Environment
--------------------------------------------------------------------------------
Update Information:
# New in release OpenJDK 11.0.16 (2022-07-19) * The release announcement can
be found at
https://bit.ly/openjdk11016 * Full release details can be found at
https://builds.shipilev.net/backports-monitor/release-notes-11.0.16.txt ##
Security fixes - JDK-8277608: Address IP Addressing - JDK-8272243: Improve
DER parsing - JDK-8272249: Better properties of loaded Properties -
JDK-8281859, CVE-2022-21540: Improve class compilation - JDK-8281866,
CVE-2022-21541: Enhance MethodHandle invocations - JDK-8283190: Improve MIDI
processing - JDK-8284370: Improve zlib usage - JDK-8285407, CVE-2022-34169:
Improve Xalan supports ## FIPS Changes *
[
RH2007331](https://bugzilla.redhat.com/show_bug.cgi?id=2007331): SecretKey
generate/import operations don't add the CKA_SIGN attribute in FIPS mode *
[
RH2036462](https://bugzilla.redhat.com/show_bug.cgi?id=2036462):
sun.security.pkcs11.wrapper.PKCS11.getInstance breakage *
[
RH2090378](https://bugzilla.redhat.com/show_bug.cgi?id=2090378): Revert to
disabling system security properties and FIPS mode support together * Depend on
`crypto-policies` package at build-time and run-time ## Other Changes * Add
javaver- and origin-specific javadoc and javadoczip alternatives (thanks to FeRD
(Frank Dana) <ferdnyc(a)gmail.com>) ## JDK-8285240: HTTPS Channel Binding support
for Java GSS/Kerberos Support has been added for TLS channel binding tokens for
Negotiate/Kerberos authentication over HTTPS through
`javax.net.HttpsURLConnection`. Channel binding tokens are increasingly
required as an enhanced form of security which can mitigate certain kinds of
socially engineered, man in the middle (MITM) attacks. They work by
communicating from a client to a server the client's understanding of the
binding between connection security (as represented by a TLS server cert) and
higher level authentication credentials (such as a username and password). The
server can then detect if the client has been fooled by a MITM and shutdown the
session/connection. The feature is controlled through a new system property
`jdk.https.negotiate.cbt` which is described fully at the following page:
https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/net/doc-
files/net-properties.html#jdk.https.negotiate.cbt ## JDK-8278386: Default JDK
compressor will be closed when IOException is encountered
`DeflaterOutputStream.close()` and `GZIPOutputStream.finish()` methods have been
modified to close out the associated default JDK compressor before propagating a
`Throwable` up the stack. `ZIPOutputStream.closeEntry()` method has been
modified to close out the associated default JDK compressor before propagating
an `IOException`, not of type `ZipException`, up the stack. ## JDK-8277157:
Vector should throw ClassNotFoundException for a missing class of an element
`java.util.Vector` is updated to correctly report `ClassNotFoundException that
occurs during deserialization using
`java.io.ObjectInputStream.GetField.get(name, object)` when the class of an
element of the Vector is not found. Without this fix, a
`StreamCorruptedException` is thrown that does not provide information about the
missing class.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 22 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:11.0.16.0.8-1
- Update to jdk-11.0.16+8
- Update release notes to 11.0.16+8
- Switch to GA mode for release
- Exclude x86 where java_arches is undefined, in order to unbreak build
* Fri Jul 22 2022 Jiri Vanek <gnu.andrew(a)redhat.com> - 1:11.0.16.0.7-0.4.ea
- moved to build only on %{java_arches}
--
https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs
- reverted :
-- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild (always mess up
release)
-- Try to build on x86 again by creating a husk of a JDK which does not depend on itself
-- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable
-- Replaced binaries and .so files with bash-stubs on i686
- added ExclusiveArch: %{java_arches}
-- this now excludes i686
-- this is safely backport-able to older fedoras, as the macro was backported proeprly
(with i686 included)
-
https://bugzilla.redhat.com/show_bug.cgi?id=2104126
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:11.0.16.0.7-0.3.ea.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jul 18 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:11.0.16.0.7-0.3.ea
- Try to build on x86 again by creating a husk of a JDK which does not depend on itself
* Sun Jul 17 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:11.0.16.0.7-0.2.ea
- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable
* Thu Jul 14 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:11.0.16.0.7-0.1.ea
- Update to jdk-11.0.16+7
- Update release notes to 11.0.16+7
- Switch to EA mode for 11.0.16 pre-release builds.
- Use same tarball naming style as java-17-openjdk and java-latest-openjdk
- Drop JDK-8282004 patch which is now upstreamed under JDK-8282231
- Drop JDK-8257794 patch now upstreamed
- Print release file during build, which should now include a correct SOURCE value from
.src-rev
- Update tarball script with IcedTea GitHub URL and .src-rev generation
- Use "git apply" with patches in the tarball script to allow binary diffs
- Include script to generate bug list for release notes
- Update tzdata requirement to 2022a to match JDK-8283350
* Thu Jul 14 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:11.0.16.0.7-0.1.ea
- Add additional patch during tarball generation to align tests with ECC changes
* Thu Jul 14 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:11.0.15.0.10-7
- Explicitly require crypto-policies during build and runtime for system security
properties
* Thu Jul 14 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:11.0.15.0.10-6
- Replaced binaries and .so files with bash-stubs on i686 in preparation of the removal on
that architecture:
-
https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs
* Thu Jul 14 2022 FeRD (Frank Dana) <ferdnyc(a)gmail.com> - 1:11.0.15.0.10-5
- Add javaver- and origin-specific javadoc and javadoczip alternatives.
* Thu Jul 14 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:11.0.15.0.10-4
- Make use of the vendor version string to store our version & release rather than an
upstream release date
* Thu Jul 7 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:11.0.15.0.10-3
- Rebase FIPS patches from fips branch and simplify by using a single patch from that
repository
- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
- * RH2090378: Revert to disabling system security properties and FIPS mode support
together
- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
- Enable system security properties in the RPM (now disabled by default in the FIPS repo)
- Improve security properties test to check both enabled and disabled behaviour
- Run security properties test with property debugging on
* Thu Jun 30 2022 Francisco Ferrari Bihurriet <fferrari(a)redhat.com> -
1:11.0.15.0.10-2
- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in
FIPS mode
--------------------------------------------------------------------------------
================================================================================
java-17-openjdk-17.0.4.0.8-1.fc35 (FEDORA-2022-64431bccec)
OpenJDK 17 Runtime Environment
--------------------------------------------------------------------------------
Update Information:
# New in release OpenJDK 17.0.4 (2022-07-19) * The release announcement can be
found at
https://bit.ly/openjdk1704 * Full release details can be found at
https://builds.shipilev.net/backports-monitor/release-notes-17.0.4.txt ##
Security fixes - JDK-8272243: Improve DER parsing - JDK-8272249: Better
properties of loaded Properties - JDK-8273056, JDK-8283875, CVE-2022-21549:
java.util.random does not correctly sample exponential or Gaussian distributions
- JDK-8277608: Address IP Addressing - JDK-8281859, CVE-2022-21540: Improve
class compilation - JDK-8281866, CVE-2022-21541: Enhance MethodHandle
invocations - JDK-8283190: Improve MIDI processing - JDK-8284370: Improve
zlib usage - JDK-8285407, CVE-2022-34169: Improve Xalan supports ##
JDK-8285240: HTTPS Channel Binding support for Java GSS/Kerberos Support has
been added for TLS channel binding tokens for Negotiate/Kerberos authentication
over HTTPS through `javax.net.HttpsURLConnection`. Channel binding tokens are
increasingly required as an enhanced form of security which can mitigate certain
kinds of socially engineered, man in the middle (MITM) attacks. They work by
communicating from a client to a server the client's understanding of the
binding between connection security (as represented by a TLS server cert) and
higher level authentication credentials (such as a username and password). The
server can then detect if the client has been fooled by a MITM and shutdown the
session/connection. The feature is controlled through a new system property
`jdk.https.negotiate.cbt` which is described fully at the following page:
https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/net/doc-
files/net-properties.html#jdk.https.negotiate.cbt ## JDK-8278386: Default JDK
compressor will be closed when IOException is encountered
`DeflaterOutputStream.close()` and `GZIPOutputStream.finish()` methods have been
modified to close out the associated default JDK compressor before propagating a
`Throwable` up the stack. `ZIPOutputStream.closeEntry()` method has been
modified to close out the associated default JDK compressor before propagating
an `IOException`, not of type `ZipException`, up the stack.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 22 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.4.0.8-1
- Update to jdk-17.0.3.0+8
- Update release notes to 17.0.3.0+8
- Switch to GA mode for release
- Exclude x86 where java_arches is undefined, in order to unbreak build
* Fri Jul 22 2022 Jiri Vanek <gnu.andrew(a)redhat.com> - 1:17.0.4.0.7-0.3.ea
- moved to build only on %{java_arches}
--
https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs
- reverted :
-- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild (always mess up
release)
-- Try to build on x86 again by creating a husk of a JDK which does not depend on itself
-- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable
-- Replaced binaries and .so files with bash-stubs on i686
- added ExclusiveArch: %{java_arches}
-- this now excludes i686
-- this is safely backport-able to older fedoras, as the macro was backported proeprly
(with i686 included)
-
https://bugzilla.redhat.com/show_bug.cgi?id=2104128
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:17.0.4.0.7-0.2.ea.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 19 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.4.0.7-0.2.ea
- Try to build on x86 again by creating a husk of a JDK which does not depend on itself
* Sat Jul 16 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.4.0.7-0.1.ea
- Update to jdk-17.0.3.0+7
- Update release notes to 17.0.3.0+7
- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable
- Need to include the '.S' suffix in debuginfo checks after JDK-8284661
* Thu Jul 14 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.4.0.1-0.5.ea
- Explicitly require crypto-policies during build and runtime for system security
properties
* Thu Jul 14 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:17.0.4.0.1-0.4.ea
- Replaced binaries and .so files with bash-stubs on i686 in preparation of the removal on
that architecture:
-
https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs
* Thu Jul 14 2022 FeRD (Frank Dana) <ferdnyc(a)gmail.com> - 1:17.0.4.0.1-0.3.ea
- Add javaver- and origin-specific javadoc and javadoczip alternatives.
* Thu Jul 14 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.4.0.1-0.2.ea
- Make use of the vendor version string to store our version & release rather than an
upstream release date
- Include a test in the RPM to check the build has the correct vendor information.
* Thu Jul 14 2022 Jayashree Huttanagoudar <jhuttana(a)redhat.com> -
1:17.0.4.0.1-0.2.ea
- Fix issue where CheckVendor.java test erroneously passes when it should fail.
- Add proper quoting so '&' is not treated as a special character by the
shell.
* Mon Jul 11 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.4.0.1-0.1.ea
- Update to jdk-17.0.4.0+1
- Update release notes to 17.0.4.0+1
- Switch to EA mode for 17.0.4 pre-release builds.
- Drop JDK-8282004 patch which is now upstreamed under JDK-8282231
- Print release file during build, which should now include a correct SOURCE value from
.src-rev
- Update tarball script with IcedTea GitHub URL and .src-rev generation
- Include script to generate bug list for release notes
- Update tzdata requirement to 2022a to match JDK-8283350
- Move EA designator check to prep so failures can be caught earlier
- Make EA designator check non-fatal while upstream is not maintaining it
* Thu Jul 7 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.3.0.7-7
- Fix whitespace in spec file
* Thu Jul 7 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.3.0.7-7
- Sequence spec file sections as they are run by rpmbuild (build, install then test)
* Tue Jul 5 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.3.0.7-7
- Turn on system security properties as part of the build's install section
- Move cacerts replacement to install section and retain original of this and tzdb.dat
- Run tests on the installed image, rather than the build image
- Introduce variables to refer to the static library installation directories
- Use relative symlinks so they work within the image
- Run debug symbols check during build stage, before the install strips them
* Fri Jul 1 2022 Stephan Bergmann <sbergman(a)redhat.com> - 1:17.0.3.0.7-6
- Fix flatpak builds by exempting them from bootstrap
* Thu Jun 30 2022 Francisco Ferrari Bihurriet <fferrari(a)redhat.com> -
1:17.0.3.0.7-5
- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in
FIPS mode
* Mon Jun 27 2022 Stephan Bergmann <sbergman(a)redhat.com> - 1:17.0.3.0.7-4
- Fix flatpak builds (catering for their uncompressed manual pages)
* Wed Jun 22 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:17.0.3.0.7-3
- Update FIPS support to bring in latest changes
- * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
- * RH2090378: Revert to disabling system security properties and FIPS mode support
together
- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
- Enable system security properties in the RPM (now disabled by default in the FIPS repo)
- Improve security properties test to check both enabled and disabled behaviour
- Run security properties test with property debugging on
--------------------------------------------------------------------------------
================================================================================
java-latest-openjdk-18.0.2.0.9-1.rolling.fc35 (FEDORA-2022-b76ab52e73)
OpenJDK 18 Runtime Environment
--------------------------------------------------------------------------------
Update Information:
# New in release OpenJDK 18.0.2 (2022-07-19) * Full release notes can be found
at
https://builds.shipilev.net/backports-monitor/release-notes-18.0.2.txt ##
Security fixes * JDK-8272243: Improve DER parsing - JDK-8272249: Better
properties of loaded Properties - JDK-8277608: Address IP Addressing -
JDK-8281859, CVE-2022-21540: Improve class compilation - JDK-8281866,
CVE-2022-21541: Enhance MethodHandle invocations - JDK-8282676: Improve
subject handling - JDK-8283190: Improve MIDI processing - JDK-8284370:
Improve zlib usage - JDK-8285407, CVE-2022-34169: Improve Xalan supports ##
JDK-8288367: CPU Shares Ignored When Computing Active Processor Count Previous
JDK releases used an incorrect interpretation of the Linux cgroups parameter
`cpu.shares`. This might cause the JVM to use fewer CPUs than available, leading
to an under utilization of CPU resources when the JVM is used inside a
container. Starting from this JDK release, by default, the JVM no longer
considers `cpu.shares` when deciding the number of threads to be used by the
various thread pools. The `-XX:+UseContainerCpuShares` command-line option can
be used to revert to the previous behaviour. This option is deprecated and may
be removed in a future JDK release.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 22 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:18.0.2.0.9-1.rolling
- Update to jdk-18.0.2 release
- Update release notes to 18.0.2
- Drop JDK-8282004 patch which is now upstreamed under JDK-8282231
- Exclude x86 where java_arches is undefined, in order to unbreak build
* Fri Jul 22 2022 Jiri Vanek <gnu.andrew(a)redhat.com> - 1:18.0.1.1.2-8.rolling
- moved to build only on %{java_arches}
--
https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs
- reverted :
-- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild (always mess up
release)
-- Try to build on x86 again by creating a husk of a JDK which does not depend on itself
-- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable
-- Replaced binaries and .so files with bash-stubs on i686
- added ExclusiveArch: %{java_arches}
-- this now excludes i686
-- this is safely backport-able to older fedoras, as the macro was backported properly
(with i686 included)
-
https://bugzilla.redhat.com/show_bug.cgi?id=2104125
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:18.0.1.1.2-7.rolling.1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 19 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:18.0.1.1.2-7.rolling
- Try to build on x86 again by creating a husk of a JDK which does not depend on itself
* Sun Jul 17 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:18.0.1.1.2-6.rolling
- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable
* Wed Jul 13 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:18.0.1.1.2-5.rolling
- Explicitly require crypto-policies during build and runtime for system security
properties
* Wed Jul 13 2022 Jiri Vanek <jvanek(a)redhat.com> - 1:18.0.1.1.2-4.rolling.
- Replaced binaries and .so files with bash-stubs on i686 in preparation of the removal on
that architecture:
-
https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs
* Wed Jul 13 2022 Andrew Hughes <gnu.andrew(a)redhat.com> - 1:18.0.1.1.2-3.rolling
- Make use of the vendor version string to store our version & release rather than an
upstream release date
* Tue Jul 12 2022 FeRD (Frank Dana) <ferdnyc(a)gmail.com> - 1:18.0.1.1.2-2.rolling
- Add javaver- and origin-specific javadoc and javadoczip alternatives.
--------------------------------------------------------------------------------
================================================================================
lilypond-2.23.11-1.fc35 (FEDORA-2022-5096605469)
A typesetting system for music notation
--------------------------------------------------------------------------------
Update Information:
2.23.11 ---- Build with guile bytecode for improved performance.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 25 2022 Gwyn Ciesla <gwync(a)protonmail.com> - 2.23.11-1
- 2.23.11
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.23.10-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jul 18 2022 Gwyn Ciesla <gwync(a)protonmail.com> - 2.23.10-2
- Build with guile bytecode for improved performance.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2107934 - lilypond package should provide Guile bytecode for reasonable
startup speed
https://bugzilla.redhat.com/show_bug.cgi?id=2107934
[ 2 ] Bug #2110235 - lilypond-2.23.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2110235
--------------------------------------------------------------------------------
================================================================================
lilypond-doc-2.23.11-1.fc35 (FEDORA-2022-5096605469)
HTML documentation for LilyPond
--------------------------------------------------------------------------------
Update Information:
2.23.11 ---- Build with guile bytecode for improved performance.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 25 2022 Gwyn Ciesla <gwync(a)protonmail.com> - 2.23.11-1
- 2.23.11
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.23.10-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2107934 - lilypond package should provide Guile bytecode for reasonable
startup speed
https://bugzilla.redhat.com/show_bug.cgi?id=2107934
[ 2 ] Bug #2110235 - lilypond-2.23.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2110235
--------------------------------------------------------------------------------
================================================================================
mingw-wine-gecko-2.47.2-5.fc35 (FEDORA-2022-5dea466843)
Gecko library required for Wine
--------------------------------------------------------------------------------
Update Information:
- Fix FTBFS in Fedora rawhide/f35 (#1987713)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 24 2022 Michael Cronenworth <mike(a)cchtml.com> - 2.47.2-5
- Fix FTBFS (RHBZ#1987713)
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.47.2-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.47.2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1987713 - mingw-wine-gecko: FTBFS in Fedora rawhide/f35
https://bugzilla.redhat.com/show_bug.cgi?id=1987713
--------------------------------------------------------------------------------
================================================================================
mutter-41.8-2.fc35 (FEDORA-2022-4bfe306a05)
Window and compositing manager based on Clutter
--------------------------------------------------------------------------------
Update Information:
Fix sporadic crashes.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 25 2022 Jonas ��dahl <jadahl(a)redhat.com> - 41.8-2
- Revert incorrect upstream backport
Resolves: #2110041
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2110041 - Display server crashing randomly after upgrade to 41.8.1-1
https://bugzilla.redhat.com/show_bug.cgi?id=2110041
--------------------------------------------------------------------------------
================================================================================
nrpe-4.1.0-2.fc35 (FEDORA-2022-3a85ed1a46)
Host/service/network monitoring agent for Nagios
--------------------------------------------------------------------------------
Update Information:
Update to upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.1.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 19 2022 J��n ONDREJ (SAL) <ondrejj(at)salstar.sk> - 4.1.0-1
- Update to upstream
- Hardened build is default for Fedora 23+
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.3-11
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Dec 8 2021 Xavier Bachelot <xavier(a)bachelot.org> - 4.0.3-10
- Drop EL6 support
- Fix EL9 build
- Use %license
* Thu Nov 11 2021 J��n ONDREJ (SAL) <ondrejj(at)salstar.sk> - 4.0.3-9
- Don't use get_dh on Fedora 36 - OpenSSL 3. (bz#2021958)
- Remove unknown --with-init-dir configure parameter.
* Tue Sep 14 2021 Sahana Prasad <sahana(a)redhat.com> - 4.0.3-8
- Rebuilt with OpenSSL 3.0.0
--------------------------------------------------------------------------------
================================================================================
proftpd-1.3.7e-1.fc35 (FEDORA-2022-fb100d6e48)
Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:
This is the current maintenance release from upstream. It contains fixes for
`mod_sftp` for compatibility with OpenSSL 3.x
(
https://github.com/proftpd/proftpd/issues/1448).
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 24 2022 Paul Howarth <paul(a)city-fan.org> - 1.3.7e-1
- Update to 1.3.7e
- Ensure that mod_sftp algorithms work properly with OpenSSL 3.x (GH#1448)
- Drop pcre build dependency since we have been explicitly disabling it for the
last 5 years anyway
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.3.7d-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-dask-2022.7.1-1.fc35~bootstrap (FEDORA-2022-e5f37f2237)
Parallel PyData with Task Scheduling
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 25 2022 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> 2022.7.1-1
- Update to latest version (#2089862)
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> 2022.5.0-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jun 21 2022 Miro Hron��ok <miro(a)hroncok.cz> 2022.5.0-5
- Don't BuildRequire unused pre-commit
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2089862 - python-dask-2022.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2089862
--------------------------------------------------------------------------------
================================================================================
python-py-algorand-sdk-1.16.0-1.fc35 (FEDORA-2022-23be6ffa5a)
Algorand Python SDK
--------------------------------------------------------------------------------
Update Information:
1.16.0
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 25 2022 Gwyn Ciesla <gwync(a)protonmail.com> - 1.16.0-1
- 1.16.0
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.15.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Jul 6 2022 Gwyn Ciesla <gwync(a)protonmail.com> - 1.15.0-1
- 1.15.0
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 1.13.1-2
- Rebuilt for Python 3.11
* Thu May 5 2022 Gwyn Ciesla <gwync(a)protonmail.com> - 1.13.1-1
- 1.13.1
* Mon May 2 2022 Gwyn Ciesla <gwync(a)protonmail.com> - 1.13.0-1
- 1.13.0
* Thu Apr 21 2022 Gwyn Ciesla <gwync(a)protonmail.com> - 1.12.0-1
- 1.12.0
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.8.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2110406 - python-py-algorand-sdk-1.16.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2110406
--------------------------------------------------------------------------------
================================================================================
python-ujson-5.4.0-1.fc35 (FEDORA-2022-33e816bc37)
Ultra fast JSON encoder and decoder written in pure C
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2022-31116, CVE-2022-31117, and CVE-2021-45958. See
https://github.com/ultrajson/ultrajson/releases for release notes since 3.0.0.
Despite the major version bump, this should be a compatible update. See also
https://pagure.io/fesco/issue/2834.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 14 2022 Alfredo Moralejo <amoralej(a)redhat.com> - 5.4.0-1
- Update to 5.4.0 (closes rhbz#2103379)
- Includes fixes for CVE-2022-31117 and CVE-2022-31116
* Fri May 20 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> - 5.3.0-1
- Update to 5.3.0 (close RHBZ#2088232)
* Fri Apr 8 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> - 5.2.0-1
- Update to 5.2.0 (close RHBZ#2072241)
- Migrate to pyproject-rpm-macros (���new Python guidelines���)
* Sun Mar 6 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> - 5.1.0-1
- Update to 5.1.0 (close RHBZ#1862763)
- Unbundle double-conversion and prevent debug symbol stripping with separate
patches, both offered upstream
- Drop obsolete %python_provide macro
* Sat Jul 31 2021 Kushal Das <kushal(a)fedoraproject.org> 4.0.2-1
- Update to 4.0.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2103379 - python-ujson-5.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2103379
--------------------------------------------------------------------------------
================================================================================
qatengine-0.6.14-1.fc35 (FEDORA-2022-bb3ba342b4)
Intel QuickAssist Technology (QAT) OpenSSL Engine
--------------------------------------------------------------------------------
Update Information:
Update to QAT Engine v0.6.14
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 20 2022 Yogaraj Alamenda <yogarajx.alamenda(a)intel.com> - 0.6.14-1
- Update to qatengine v0.6.14
--------------------------------------------------------------------------------
================================================================================
rust-packaging-22-1.fc35 (FEDORA-2022-04e23a1f12)
RPM macros for building Rust packages
--------------------------------------------------------------------------------
Update Information:
Update rust2rpm, rust-packaging, and rust-srpm-macros to version 22. Release
notes:
https://pagure.io/fedora-rust/rust2rpm/blob/main/f/NEWS
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 25 2022 Fabio Valentini <decathorpe(a)gmail.com> 22-1
- Update to version 22; Fixes RHBZ#2110233
--------------------------------------------------------------------------------
================================================================================
rust-srpm-macros-22-1.fc35 (FEDORA-2022-04e23a1f12)
RPM macros for building Rust source packages
--------------------------------------------------------------------------------
Update Information:
Update rust2rpm, rust-packaging, and rust-srpm-macros to version 22. Release
notes:
https://pagure.io/fedora-rust/rust2rpm/blob/main/f/NEWS
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 25 2022 Fabio Valentini <decathorpe(a)gmail.com> 22-1
- Update to version 22; Fixes RHBZ#2110232
--------------------------------------------------------------------------------
================================================================================
switchdesk-5.0.1-10.fc35 (FEDORA-2022-4fe4be36b9)
A desktop environment switcher
--------------------------------------------------------------------------------
Update Information:
fix switch desktop to plasma
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 25 2022 Than Ngo <than(a)redhat.com> - 5.0.1-10
- fixed bz#2108715, fix switch desktop to plasma
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2108715 - KDE group name "KDE (K Desktop Environment)" instead of
"KDE Plasma Workspaces"
https://bugzilla.redhat.com/show_bug.cgi?id=2108715
--------------------------------------------------------------------------------