The following Fedora 35 Security updates need testing:
Age URL
263
https://bodhi.fedoraproject.org/updates/FEDORA-2022-dfc6924a11
mysql-connector-java-8.0.28-1.fc35
34
https://bodhi.fedoraproject.org/updates/FEDORA-2022-58055cb1ef
nodejs-16.17.1-1.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-fcf5dbb447
libxml2-2.10.3-1.fc35 xmlsec1-1.2.29-5.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-bf18450366
drupal7-7.92-1.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-b050ae8974
java-1.8.0-openjdk-1.8.0.352.b08-2.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-5d494ab9ab
java-17-openjdk-17.0.5.0.8-2.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-1c07902a5e
java-11-openjdk-11.0.17.0.8-2.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-39688a779d curl-7.79.1-7.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-a04a020e48
python3.11-3.11.0-1.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-523c1c8017
python3.9-3.9.15-1.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ec7de69ceb
java-latest-openjdk-19.0.1.0.10-2.rolling.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-f1aed93db8
ghc-cmark-gfm-0.2.5-1.fc35
The following Fedora 35 Critical Path updates have yet to be approved:
Age URL
82
https://bodhi.fedoraproject.org/updates/FEDORA-2022-bca7996d14
annobin-10.81-1.fc35
46
https://bodhi.fedoraproject.org/updates/FEDORA-2022-97f6c4fd2a
libblockdev-2.28-2.fc35
17
https://bodhi.fedoraproject.org/updates/FEDORA-2022-7c5789009a
python3-docs-3.10.8-1.fc35 python3.10-3.10.8-1.fc35
12
https://bodhi.fedoraproject.org/updates/FEDORA-2022-d7a7523988
thunderbird-102.4.0-1.fc35
12
https://bodhi.fedoraproject.org/updates/FEDORA-2022-96d1086fff
gnutls-3.7.8-2.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-2f33bf498d rsync-3.2.7-1.fc35
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-db6ecb3d6a
netcat-1.219-1.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-84a4d61a33
mtools-4.0.42-1.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-fcf5dbb447
libxml2-2.10.3-1.fc35 xmlsec1-1.2.29-5.fc35
8
https://bodhi.fedoraproject.org/updates/FEDORA-2022-8cc2a55191
libidn2-2.3.4-1.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-39688a779d curl-7.79.1-7.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-a044f89f66 koji-1.30.1-2.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-0e2736b340
webkit2gtk3-2.38.1-1.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-569e7560ec
python-rpm-macros-3.10-13.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-0535a53522
cmake-3.24.2-1.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-80b7db48db
rust-packaging-23-1.fc35 rust-srpm-macros-23-1.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ec0c51fe25
tzdata-2022f-1.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-8b2695fc0e
hwdata-0.364-1.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2022-596a8be8cf expat-2.5.0-1.fc35
The following builds have been pushed to Fedora 35 updates-testing
baresip-2.9.0-1.fc35
dotnet6.0-6.0.110-2.fc35
exim-4.96-5.fc35
fedora-license-data-1.7-1.fc35
firefox-106.0.3-1.fc35
golang-github-digitalocean-godo-1.88.0-1.fc35
golang-github-graylog2-gelf-2.0.0-5.20201111git1550ee6.fc35
gretl-2022c-1.fc35
ibus-table-1.16.13-1.fc35
jgmenu-4.4.1-1.fc35
libre-2.9.0-1.fc35
librem-2.9.0-1.fc35
libxcrypt-4.4.30-1.fc35
openvpn-2.5.8-1.fc35
osbuild-composer-67-1.fc35
perl-HTML-Parser-3.80-1.fc35
putty-0.78-1.fc35
python-contourpy-1.0.6-1.fc35
rust-hyper-0.14.22-1.fc35
xen-4.15.3-7.fc35
Details about builds:
================================================================================
baresip-2.9.0-1.fc35 (FEDORA-2022-0d06491f80)
Modular SIP user-agent with audio and video support
--------------------------------------------------------------------------------
Update Information:
# Baresip 2.9.0 (2022-11-01) * sndfile: Filename includes `strm->cname` (i.e.
`call->local_uri`) && `strm->peer` values (i.e. `call->peer_uri`) to
derive
source and destination of recorded call * log: optional timestamps *
avcodec: remove H263 codec * mk: bump `PROJECT_NUMBER` in `Doxyfile` *
stream: correct Doxygen for peer field * cmake: add pre version handling *
cmake,debian: use `dh-cmake` * cmake: add pkgconfig * Avoid webrtc_aecm
module C++20 extension warnings * cmake/ctrld_dbus: ninja and subdirectory
fixes * cmake: link `CMAKE_CURRENT_BINARY_DIR` modules * cmake,debian: fix
libbaresip dependency * cmake: set C only flags * FindPNG needs to find also
include directory * FindVPX needs to find also include directory * Multicast
send events on mcreg enable commands * call, menu: support display name for
outgoing calls * call: hangup call on transp reset if necessary * portaudio:
add `mediadev_add` with mediadev driver fields * call: fix mnat
`call_streams_alloc` * jack: fix CodeQL uninitialized local variable * Avoid
snapshot compiler warnings * avformat: remove old call to
`avcodec_register_all()` * avformat: remove `LIBAVUTIL_VERSION_MAJOR` check
* ua: wording for warning in `ua_refer_send()` * ua: use mbuf functions for
`ua_connect_dir` * ci: use `actions/checkout@v3` * avcodec: remove
`av_packet_free()` wrapper * selfview: create window in encode_update *
alsa: use C11 threads * config: fix template for `avcodec_xxx` * avformat:
use C11 threads * v4l2: use C11 threads * avcodec: remove
`LIBAVUTIL_VERSION_MAJOR` check * multicast: use C11 threads * menu fix
display name * account: do not complete dial URI if scheme is included *
menu: simplify URI complete * gtk: use new function
`account_uri_complete_strdup()` * Removed module avformat dependency on
libpostproc * make: detect and add swscale module in modules.mk * cmake: add
`APP_MODULES` symlinks * cmake: use `CMAKE_SHARED_MODULE_SUFFIX` # librem
v2.9.0 (2022-11-01) * cmake: add pre-release version handling *
`README.md`: Update build instructions for cmake * aubuf: exclude non
compatible CXX functions * auframe: skip level calculation if format is RAW
* ci: use `actions/checkout@v3` * vidframe_draw_point: add NV12 and NV21 pixel
format # libre v2.9.0 (2022-11-01) * cmake,make: bump version and set dev
identifier * udp: remove `udp_send_anon()` * cmake: enable export symbols
for backtrace * `README.md`: Update build instructions for cmake * cmake:
improve kqueue and epoll detection * fs: add `fs_stdio_hide()` and
`fs_stdio_restore()` helpers * json: remove unknown type warning * http: fix
warning arguments * net_if_getlinklocal: use AF from input parameter * fmt:
add `str_itoa` * SDP support for <proto> udp * tls: remove some warnings *
fmt: add `pl_trim` functions * aes/openssl: remove obsolete version check *
http: use `str_dup()` instead of unsafe `strcpy()` * doxygen: update comments
* reg: remove obsolete void cast * Tls connect debug * mk: update doxygen
file * ci: use `actions/checkout@v3` * tls: remove ifdef from public API *
sip: `sip_conncfg_set` pass by reference * dnsc get conf and skip hash alloc
without hash size changes * sdp/media: fix reorder codecs (restore old
behavior) * list: fix `list_flush` head and tail * prepare 2.9.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 1 2022 Robert Scheck <robert(a)fedoraproject.org> 2.9.0-1
- Upgrade to 2.9.0 (#2139174)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2139163 - libre-2.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2139163
[ 2 ] Bug #2139164 - librem-2.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2139164
[ 3 ] Bug #2139174 - baresip-2.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2139174
--------------------------------------------------------------------------------
================================================================================
dotnet6.0-6.0.110-2.fc35 (FEDORA-2022-7ad73a633f)
.NET Runtime and SDK
--------------------------------------------------------------------------------
Update Information:
This is the October 2022 monthly update for .NET 6. It updates the SDK to
6.0.110 and the Runtime to 6.0.10. This update includes a fix for CVE
2022-41032
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 31 2022 Omair Majid <omajid(a)redhat.com> - 6.0.110-2
- Set OPENSSL_ENABLE_SHA1_SIGNATURES=1 when building
* Fri Oct 28 2022 Omair Majid <omajid(a)redhat.com> - 6.0.110-1
- Update to .NET SDK 6.0.110 and Runtime 6.0.10
--------------------------------------------------------------------------------
================================================================================
exim-4.96-5.fc35 (FEDORA-2022-ebbac924d3)
The exim mail transfer agent
--------------------------------------------------------------------------------
Update Information:
Fixed use after free in dmarc_dns_lookup (CVE-2022-3620).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 1 2022 Jaroslav ��karvada <jskarvad(a)redhat.com> - 4.96-5
- Fixed use after free in dmarc_dns_lookup
Resolves: CVE-2022-3620
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2136729 - CVE-2022-3620 exim: UAF in dmarc_dns_lookup
https://bugzilla.redhat.com/show_bug.cgi?id=2136729
--------------------------------------------------------------------------------
================================================================================
fedora-license-data-1.7-1.fc35 (FEDORA-2022-ea1ef53987)
Fedora Linux license data
--------------------------------------------------------------------------------
Update Information:
- Also use rich-deps on EL 8 - Once again, abandon the toml module, use
tomllib/tomli/tomli-w instead - Fix typos in license review template - rename
[fedora]name to [fedora]legacy-name - rename [fedora]abbreviation to
[fedora]legacy-abbreviation - Revise toml for GPL-2.0-or-later WITH x11vnc-
openssl-exception - Add FSFULLRWD - Add OFL-1.1-RFN as allowed-fonts - use
tomllib instead of toml - document availablity of fedora-licenses.json artifact
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 2 2022 Miroslav Such�� <msuchy(a)redhat.com> 1.7-1
- redefine JSON format
- Also use rich-deps on EL 8 (miro(a)hroncok.cz)
- Once again, abandon the toml module, use tomllib/tomli/tomli-w instead
(miro(a)hroncok.cz)
- Fix typos in license review template (dcavalca(a)fedoraproject.org)
- rename [fedora]name to [fedora]legacy-name
- rename [fedora]abbreviation to [fedora]legacy-abbreviation
- Revise toml for GPL-2.0-or-later WITH x11vnc-openssl-exception
(rfontana(a)redhat.com)
- Add FSFULLRWD (rfontana(a)redhat.com)
- Add OFL-1.1-RFN as allowed-fonts (rfontana(a)redhat.com)
- use tomllib instead of toml
- document availablity of fedora-licenses.json artifact
--------------------------------------------------------------------------------
================================================================================
firefox-106.0.3-1.fc35 (FEDORA-2022-cba606724f)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:
- Updated to 106.0.3 ---- - New upstream version (106.0.1)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 31 2022 Martin Stransky <stransky(a)redhat.com>- 106.0.3-1
- Update to 106.0.3
* Sun Oct 23 2022 Martin Stransky <stransky(a)redhat.com>- 106.0.1-1
- Update to 106.0.1
- Require xdg-desktop-portal when file dialog portal is used.
- Disabled file dialog portals on F37+
* Thu Oct 20 2022 Jan Grulich <jgrulich(a)redhat.com> - 106.0-2
- Enable upstream WebRTC code for screensharing on Wayland
* Fri Oct 14 2022 Martin Stransky <stransky(a)redhat.com>- 106.0-1
- Updated to 106.0
- Disabled PGO build due to rhbz#2136401
* Fri Oct 14 2022 Martin Stransky <stransky(a)redhat.com>- 105.0.2-2
- Fixed crashes on multi-monitor systems (mzbz#1793922)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2138214 - Firefox 106.0.2 was released
https://bugzilla.redhat.com/show_bug.cgi?id=2138214
--------------------------------------------------------------------------------
================================================================================
golang-github-digitalocean-godo-1.88.0-1.fc35 (FEDORA-2022-d11851bd41)
DigitalOcean Go API client
--------------------------------------------------------------------------------
Update Information:
Update to 1.88.0 ---- Update to 1.87.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 1 2022 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> 1.88.0-1
- Update to 1.88.0 - Closes rhbz#2139080
* Fri Oct 28 2022 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> 1.87.0-1
- Update to 1.87.0 - Closes rhbz#2134521
--------------------------------------------------------------------------------
================================================================================
golang-github-graylog2-gelf-2.0.0-5.20201111git1550ee6.fc35 (FEDORA-2022-0356953a6b)
GELF library for Go
--------------------------------------------------------------------------------
Update Information:
Bump to commit 1550ee647df0510058c9d67a45c56f18911d80b8 ---- Fix release
number
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 1 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> 2.0.0-5
- Bump to commit 1550ee647df0510058c9d67a45c56f18911d80b8
* Tue Nov 1 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> 2.0.0-4
- Fix release number
* Tue Nov 1 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> 2.0.0-0.3
- Fix typo
* Tue Nov 1 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com>
- Fix version number
--------------------------------------------------------------------------------
================================================================================
gretl-2022c-1.fc35 (FEDORA-2022-420c6ec5d8)
A tool for econometric analysis
--------------------------------------------------------------------------------
Update Information:
- update to 2022c -
https://gretlml.univpm.it/hyperkitty/list/gretl-
announce(a)gretlml.univpm.it/message/U4JS2SGCRE3WZR6CJ6LT6RR6JJ7FHMSI/
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 2 2022 Johannes Lips <hannes(a)fedoraproject.org> - 2022c-1
- Update to 2022c
--------------------------------------------------------------------------------
================================================================================
ibus-table-1.16.13-1.fc35 (FEDORA-2022-a326096438)
The Table engine for IBus platform
--------------------------------------------------------------------------------
Update Information:
Update to 1.16.13 Get program name of focused window also when ibus cannot get
it Use focus id if available (it is available for ibus >= 1.5.27) Use
IBus.PreeditFocusMode.COMMIT and make sure the input is cleared and the UI
updated when the focus changes (Resolves:
https://github.com/mike-fabian/ibus-
table/issues/129) Do not reset input purpose on focus out (See:
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/5966#note_1576732) Do not
commit by index when OSK is visible (Resolves:
https://github.com/mike-
fabian/ibus-table/issues/128)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 1 2022 Mike FABIAN <mfabian(a)redhat.com> - 1.16.13-1
- Update to 1.16.13
- Get program name of focused window also when ibus cannot get it
- Use focus id if available (it is available for ibus >= 1.5.27)
- Use IBus.PreeditFocusMode.COMMIT and make sure the input is
cleared and the UI updated when the focus changes
(Resolves:
https://github.com/mike-fabian/ibus-table/issues/129)
- Do not reset input purpose on focus out
(See:
https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/5966#note_1576732)
- Do not commit by index when OSK is visible
(Resolves:
https://github.com/mike-fabian/ibus-table/issues/128)
--------------------------------------------------------------------------------
================================================================================
jgmenu-4.4.1-1.fc35 (FEDORA-2022-d90796dbad)
Simple X11 application menu
--------------------------------------------------------------------------------
Update Information:
Version bump
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 1 2022 TI_Eugene <ti.eugene(a)gmail.com> - 4.4.1-1
- Version bump (close #2138771)
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.4.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.4.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
libre-2.9.0-1.fc35 (FEDORA-2022-0d06491f80)
Generic library for real-time communications
--------------------------------------------------------------------------------
Update Information:
# Baresip 2.9.0 (2022-11-01) * sndfile: Filename includes `strm->cname` (i.e.
`call->local_uri`) && `strm->peer` values (i.e. `call->peer_uri`) to
derive
source and destination of recorded call * log: optional timestamps *
avcodec: remove H263 codec * mk: bump `PROJECT_NUMBER` in `Doxyfile` *
stream: correct Doxygen for peer field * cmake: add pre version handling *
cmake,debian: use `dh-cmake` * cmake: add pkgconfig * Avoid webrtc_aecm
module C++20 extension warnings * cmake/ctrld_dbus: ninja and subdirectory
fixes * cmake: link `CMAKE_CURRENT_BINARY_DIR` modules * cmake,debian: fix
libbaresip dependency * cmake: set C only flags * FindPNG needs to find also
include directory * FindVPX needs to find also include directory * Multicast
send events on mcreg enable commands * call, menu: support display name for
outgoing calls * call: hangup call on transp reset if necessary * portaudio:
add `mediadev_add` with mediadev driver fields * call: fix mnat
`call_streams_alloc` * jack: fix CodeQL uninitialized local variable * Avoid
snapshot compiler warnings * avformat: remove old call to
`avcodec_register_all()` * avformat: remove `LIBAVUTIL_VERSION_MAJOR` check
* ua: wording for warning in `ua_refer_send()` * ua: use mbuf functions for
`ua_connect_dir` * ci: use `actions/checkout@v3` * avcodec: remove
`av_packet_free()` wrapper * selfview: create window in encode_update *
alsa: use C11 threads * config: fix template for `avcodec_xxx` * avformat:
use C11 threads * v4l2: use C11 threads * avcodec: remove
`LIBAVUTIL_VERSION_MAJOR` check * multicast: use C11 threads * menu fix
display name * account: do not complete dial URI if scheme is included *
menu: simplify URI complete * gtk: use new function
`account_uri_complete_strdup()` * Removed module avformat dependency on
libpostproc * make: detect and add swscale module in modules.mk * cmake: add
`APP_MODULES` symlinks * cmake: use `CMAKE_SHARED_MODULE_SUFFIX` # librem
v2.9.0 (2022-11-01) * cmake: add pre-release version handling *
`README.md`: Update build instructions for cmake * aubuf: exclude non
compatible CXX functions * auframe: skip level calculation if format is RAW
* ci: use `actions/checkout@v3` * vidframe_draw_point: add NV12 and NV21 pixel
format # libre v2.9.0 (2022-11-01) * cmake,make: bump version and set dev
identifier * udp: remove `udp_send_anon()` * cmake: enable export symbols
for backtrace * `README.md`: Update build instructions for cmake * cmake:
improve kqueue and epoll detection * fs: add `fs_stdio_hide()` and
`fs_stdio_restore()` helpers * json: remove unknown type warning * http: fix
warning arguments * net_if_getlinklocal: use AF from input parameter * fmt:
add `str_itoa` * SDP support for <proto> udp * tls: remove some warnings *
fmt: add `pl_trim` functions * aes/openssl: remove obsolete version check *
http: use `str_dup()` instead of unsafe `strcpy()` * doxygen: update comments
* reg: remove obsolete void cast * Tls connect debug * mk: update doxygen
file * ci: use `actions/checkout@v3` * tls: remove ifdef from public API *
sip: `sip_conncfg_set` pass by reference * dnsc get conf and skip hash alloc
without hash size changes * sdp/media: fix reorder codecs (restore old
behavior) * list: fix `list_flush` head and tail * prepare 2.9.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 1 2022 Robert Scheck <robert(a)fedoraproject.org> 2.9.0-1
- Upgrade to 2.9.0 (#2139163)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2139163 - libre-2.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2139163
[ 2 ] Bug #2139164 - librem-2.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2139164
[ 3 ] Bug #2139174 - baresip-2.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2139174
--------------------------------------------------------------------------------
================================================================================
librem-2.9.0-1.fc35 (FEDORA-2022-0d06491f80)
Audio and video processing media library
--------------------------------------------------------------------------------
Update Information:
# Baresip 2.9.0 (2022-11-01) * sndfile: Filename includes `strm->cname` (i.e.
`call->local_uri`) && `strm->peer` values (i.e. `call->peer_uri`) to
derive
source and destination of recorded call * log: optional timestamps *
avcodec: remove H263 codec * mk: bump `PROJECT_NUMBER` in `Doxyfile` *
stream: correct Doxygen for peer field * cmake: add pre version handling *
cmake,debian: use `dh-cmake` * cmake: add pkgconfig * Avoid webrtc_aecm
module C++20 extension warnings * cmake/ctrld_dbus: ninja and subdirectory
fixes * cmake: link `CMAKE_CURRENT_BINARY_DIR` modules * cmake,debian: fix
libbaresip dependency * cmake: set C only flags * FindPNG needs to find also
include directory * FindVPX needs to find also include directory * Multicast
send events on mcreg enable commands * call, menu: support display name for
outgoing calls * call: hangup call on transp reset if necessary * portaudio:
add `mediadev_add` with mediadev driver fields * call: fix mnat
`call_streams_alloc` * jack: fix CodeQL uninitialized local variable * Avoid
snapshot compiler warnings * avformat: remove old call to
`avcodec_register_all()` * avformat: remove `LIBAVUTIL_VERSION_MAJOR` check
* ua: wording for warning in `ua_refer_send()` * ua: use mbuf functions for
`ua_connect_dir` * ci: use `actions/checkout@v3` * avcodec: remove
`av_packet_free()` wrapper * selfview: create window in encode_update *
alsa: use C11 threads * config: fix template for `avcodec_xxx` * avformat:
use C11 threads * v4l2: use C11 threads * avcodec: remove
`LIBAVUTIL_VERSION_MAJOR` check * multicast: use C11 threads * menu fix
display name * account: do not complete dial URI if scheme is included *
menu: simplify URI complete * gtk: use new function
`account_uri_complete_strdup()` * Removed module avformat dependency on
libpostproc * make: detect and add swscale module in modules.mk * cmake: add
`APP_MODULES` symlinks * cmake: use `CMAKE_SHARED_MODULE_SUFFIX` # librem
v2.9.0 (2022-11-01) * cmake: add pre-release version handling *
`README.md`: Update build instructions for cmake * aubuf: exclude non
compatible CXX functions * auframe: skip level calculation if format is RAW
* ci: use `actions/checkout@v3` * vidframe_draw_point: add NV12 and NV21 pixel
format # libre v2.9.0 (2022-11-01) * cmake,make: bump version and set dev
identifier * udp: remove `udp_send_anon()` * cmake: enable export symbols
for backtrace * `README.md`: Update build instructions for cmake * cmake:
improve kqueue and epoll detection * fs: add `fs_stdio_hide()` and
`fs_stdio_restore()` helpers * json: remove unknown type warning * http: fix
warning arguments * net_if_getlinklocal: use AF from input parameter * fmt:
add `str_itoa` * SDP support for <proto> udp * tls: remove some warnings *
fmt: add `pl_trim` functions * aes/openssl: remove obsolete version check *
http: use `str_dup()` instead of unsafe `strcpy()` * doxygen: update comments
* reg: remove obsolete void cast * Tls connect debug * mk: update doxygen
file * ci: use `actions/checkout@v3` * tls: remove ifdef from public API *
sip: `sip_conncfg_set` pass by reference * dnsc get conf and skip hash alloc
without hash size changes * sdp/media: fix reorder codecs (restore old
behavior) * list: fix `list_flush` head and tail * prepare 2.9.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 1 2022 Robert Scheck <robert(a)fedoraproject.org> 2.9.0-1
- Upgrade to 2.9.0 (#2139164)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2139163 - libre-2.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2139163
[ 2 ] Bug #2139164 - librem-2.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2139164
[ 3 ] Bug #2139174 - baresip-2.9.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2139174
--------------------------------------------------------------------------------
================================================================================
libxcrypt-4.4.30-1.fc35 (FEDORA-2022-3c76b13e24)
Extended crypt library for descrypt, md5crypt, bcrypt, and others
--------------------------------------------------------------------------------
Update Information:
- New upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 1 2022 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.4.30-1
- New upstream release
* Mon Oct 31 2022 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.4.29-1
- New upstream release
* Wed Aug 10 2022 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.4.28-3
- Rebuilt for arc4random_buf in glibc 2.36 (or later)
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.4.28-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
openvpn-2.5.8-1.fc35 (FEDORA-2022-5ccf9f266d)
A full-featured TLS VPN solution
--------------------------------------------------------------------------------
Update Information:
Update to upstream OpenVPN 2.5.8
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 1 2022 David Sommerseth <davids(a)openvpn.net> - 2.5.8-1
- Update to upstream OpenVPN 2.5.8
--------------------------------------------------------------------------------
================================================================================
osbuild-composer-67-1.fc35 (FEDORA-2022-1b166f9b06)
An image building service based on osbuild
--------------------------------------------------------------------------------
Update Information:
New upstream release: 67
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 2 2022 Packit <hello(a)packit.dev> - 67-1
Changes with 67
----------------
* Cloud API: make `location` optional for Azure Upload Options (#3093)
* Content url and rhsm ostree resolve (#3091)
* Fix blueprint firewall support (#3099)
* Ostree resolve job (#3072)
* RHEL-8.7+/9.1+: replace RHSM config on EC2 RHUI images with
`redhat-cloud-client-configuration` package (#3081)
* Update snapshots to 20221025 (#3098)
* build(deps): bump
github.com/spf13/cobra from 1.5.0 to 1.6.1 (#3094)
* distro: add support for RHEL 8.8 and 9.2 (#3095)
* internal/cloudapi: add ostree options for all otree image types (#3089)
* koji: put artifacts uploaded to koji under a second level directory (#3083)
* schutzbot/update_github_status: fix release fast-forwarding (#3082)
* spec: Fix ownership of the dnf-json rpmmd files (#3085)
* tests: Update the version of azurerm terraform provider (#3075)
Contributions from: Alexander Todorov, Antonio Murdaca, Brian C. Lane, Jakub Rusz, Ond��ej
Budai, Sanne Raymaekers, Tom���� Hozza, dependabot[bot], schutzbot
��� Somewhere on the Internet, 2022-11-02
--------------------------------------------------------------------------------
================================================================================
perl-HTML-Parser-3.80-1.fc35 (FEDORA-2022-14a0eb2643)
Perl module for parsing HTML
--------------------------------------------------------------------------------
Update Information:
3.80 - Fix compatibility with ancient perl by avoiding index in test
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 2 2022 Jitka Plesnikova <jplesnik(a)redhat.com> - 3.80-1
- 3.80 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2139129 - perl-HTML-Parser-3.80 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2139129
--------------------------------------------------------------------------------
================================================================================
putty-0.78-1.fc35 (FEDORA-2022-16d35cbe5e)
SSH, Telnet and Rlogin client
--------------------------------------------------------------------------------
Update Information:
This is new version of putty.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 1 2022 Jaroslav ��karvada <jskarvad(a)redhat.com> - 0.78-1
- New version
Resolves: rhbz#2138511
* Fri Jul 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.76-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.76-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2138511 - putty-0.78 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2138511
--------------------------------------------------------------------------------
================================================================================
python-contourpy-1.0.6-1.fc35 (FEDORA-2022-ca49c33d01)
Python library for calculating contours in 2D quadrilateral grids
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 2 2022 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> 1.0.6-1
- Update to latest version (#2138650)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2138650 - python-contourpy-1.0.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2138650
--------------------------------------------------------------------------------
================================================================================
rust-hyper-0.14.22-1.fc35 (FEDORA-2022-3db67bfca1)
Fast and correct HTTP library
--------------------------------------------------------------------------------
Update Information:
Update to version 0.14.22.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 2 2022 Fabio Valentini <decathorpe(a)gmail.com> 0.14.22-1
- Update to version 0.14.22
* Sat Jul 23 2022 Fedora Release Engineering <releng(a)fedoraproject.org> 0.14.20-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
xen-4.15.3-7.fc35 (FEDORA-2022-99af00f60e)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
Xenstore: Guests can crash xenstored [XSA-414, CVE-2022-42309] Xenstore: Guests
can create orphaned Xenstore nodes [XSA-415, CVE-2022-42310] Xenstore: guests
can let run xenstored out of memory [XSA-326, CVE-2022-42311, CVE-2022-42312,
CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317,
CVE-2022-42318] Xenstore: Guests can cause Xenstore to not free temporary memory
[XSA-416, CVE-2022-42319] Xenstore: Guests can get access to Xenstore nodes of
deleted domains [XSA-417, CVE-2022-42320] Xenstore: Guests can crash xenstored
via exhausting the stack [XSA-418, CVE-2022-42321] Xenstore: Cooperating guests
can create arbitrary numbers of nodes [XSA-419, CVE-2022-42322, CVE-2022-42323]
Oxenstored 32->31 bit integer truncation issues [XSA-420, CVE-2022-42324]
Xenstore: Guests can create arbitrary number of nodes via transactions [XSA-421,
CVE-2022-42325, CVE-2022-42326] ---- add patch to fix an incorrect backport
Arm: unbounded memory consumption for 2nd-level page tables [XSA-409,
CVE-2022-33747] (#2135268) P2M pool freeing may take excessively long [XSA-410,
CVE-2022-33746] (#2135641) lock order inversion in transitive grant copy
handling [XSA-411, CVE-2022-33748] (#2135263)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 1 2022 Michael Young <m.a.young(a)durham.ac.uk> - 4.15.3-7
- Xenstore: Guests can crash xenstored [XSA-414, CVE-2022-42309]
- Xenstore: Guests can create orphaned Xenstore nodes [XSA-415,
CVE-2022-42310]
- Xenstore: guests can let run xenstored out of memory [XSA-326,
CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314,
CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318]
- Xenstore: Guests can cause Xenstore to not free temporary memory
[XSA-416, CVE-2022-42319]
- Xenstore: Guests can get access to Xenstore nodes of deleted domains
[XSA-417, CVE-2022-42320]
- Xenstore: Guests can crash xenstored via exhausting the stack
[XSA-418, CVE-2022-42321]
- Xenstore: Cooperating guests can create arbitrary numbers of nodes
[XSA-419, CVE-2022-42322, CVE-2022-42323]
- Oxenstored 32->31 bit integer truncation issues [XSA-420, CVE-2022-42324]
- Xenstore: Guests can create arbitrary number of nodes via transactions
[XSA-421, CVE-2022-42325, CVE-2022-42326]
* Tue Oct 18 2022 Michael Young <m.a.young(a)durham.ac.uk> - 4.15.3-6
- add patch to fix an incorrect backport
* Tue Oct 18 2022 Michael Young <m.a.young(a)durham.ac.uk> - 4.15.3-5
- Arm: unbounded memory consumption for 2nd-level page tables [XSA-409,
CVE-2022-33747] (#2135268)
- P2M pool freeing may take excessively long [XSA-410, CVE-2022-33746]
(#2135641)
- lock order inversion in transitive grant copy handling [XSA-411,
CVE-2022-33748] (#2135263)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2135262 - CVE-2022-33748 xen: lock order inversion in transitive grant copy
handling
https://bugzilla.redhat.com/show_bug.cgi?id=2135262
[ 2 ] Bug #2135267 - CVE-2022-33747 xen: unbounded memory consumption for 2nd-level page
tables
https://bugzilla.redhat.com/show_bug.cgi?id=2135267
[ 3 ] Bug #2135640 - CVE-2022-33746 xen: P2M pool freeing may take excessively long
https://bugzilla.redhat.com/show_bug.cgi?id=2135640
--------------------------------------------------------------------------------