The following Fedora 27 Security updates need testing:
Age URL
18
https://bodhi.fedoraproject.org/updates/FEDORA-2018-969328b17c jhead-3.00-7.fc27
10
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b22d46eabb
libvirt-3.7.0-4.fc27
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-1ec1cd6db3 bro-2.5.3-1.fc27
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-433d2dc3c7 irssi-1.0.7-1.fc27
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-5aec14e125 exim-4.90.1-2.fc27
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-2331a462fb
milkytracker-1.01.00-1.fc27
6
https://bodhi.fedoraproject.org/updates/FEDORA-2018-c6cb18d057
seamonkey-2.49.2-2.fc27
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-eb58dc8a6f
mbedtls-2.7.0-1.fc27
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-1e0e37e148
bugzilla-5.0.4-1.fc27
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-fe5a6ed3b7
knot-resolver-2.1.0-1.fc27
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4edbabf88a
electrum-3.0.6-1.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-3ba1be2e79
wavpack-5.1.0-7.fc27
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a0a356fb68
cryptopp-5.6.5-2.fc27
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-81e1618ab9
glibc-arm-linux-gnu-2.26-4.fc27
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a1650ed14f
php-phpmyadmin-motranslator-4.0-1.fc27 php-phpmyadmin-sql-parser-4.2.4-3.fc27
phpMyAdmin-4.7.8-1.fc27
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-cb1f26bd2c
unbound-1.6.8-6.fc27
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-023baab00f
mingw-wavpack-5.1.0-4.fc27
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-288870f457
mingw-leptonica-1.74.4-3.fc27 leptonica-1.74.4-4.fc27
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-9cd3ff3784
quagga-1.2.2-2.fc27
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-8f4b3fa844
sharutils-4.15.2-8.fc27
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-2eb691e7d7
freexl-1.0.5-1.fc27
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-40ed78700c ruby-2.4.3-87.fc27
The following Fedora 27 Critical Path updates have yet to be approved:
Age URL
11
https://bodhi.fedoraproject.org/updates/FEDORA-2018-fdb6b936e4 nss-3.35.0-1.1.fc27
nss-softokn-3.35.0-1.0.fc27 nss-util-3.35.0-1.0.fc27 nspr-4.18.0-1.fc27
11
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d73421f7e6 pcre2-10.31-1.fc27
11
https://bodhi.fedoraproject.org/updates/FEDORA-2018-c9b5e3f68c
libguestfs-1.38.0-1.fc27
10
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b22d46eabb
libvirt-3.7.0-4.fc27
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-dab548649a
perl-PathTools-3.74-1.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-3ba1be2e79
wavpack-5.1.0-7.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-2f076fcd3c pcre-8.41-6.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a9711c96b2
selinux-policy-3.13.1-283.26.fc27
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-2db4bd7ebb
zerofree-1.1.1-1.fc27
3
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a6b436d186 sssd-1.16.0-8.fc27
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-ad05c5a71e
redhat-rpm-config-75-1.fc27
2
https://bodhi.fedoraproject.org/updates/FEDORA-2018-20611f7cb1
breeze-icon-theme-5.43.0-1.fc27 extra-cmake-modules-5.43.0-1.fc27 kf5-5.43.0-1.fc27
kf5-attica-5.43.0-1.fc27 kf5-baloo-5.43.0-1.fc27 kf5-bluez-qt-5.43.0-1.fc27
kf5-frameworkintegration-5.43.0-2.fc27 kf5-kactivities-5.43.0-2.fc27
kf5-kactivities-stats-5.43.0-2.fc27 kf5-kapidox-5.43.0-1.fc27 kf5-karchive-5.43.0-1.fc27
kf5-kauth-5.43.0-1.fc27 kf5-kbookmarks-5.43.0-2.fc27 kf5-kcmutils-5.43.0-3.fc27
kf5-kcodecs-5.43.0-1.fc27 kf5-kcompletion-5.43.0-1.fc27 kf5-kconfig-5.43.0-1.fc27
kf5-kconfigwidgets-5.43.0-1.fc27 kf5-kcoreaddons-5.43.0-1.fc27 kf5-kcrash-5.43.0-1.fc27
kf5-kdbusaddons-5.43.0-1.fc27 kf5-kdeclarative-5.43.0-2.fc27 kf5-kded-5.43.0-3.fc27
kf5-kdelibs4support-5.43.0-3.fc27 kf5-kdesignerplugin-5.43.0-2.fc27
kf5-kdesu-5.43.0-1.fc27 kf5-kdewebkit-5.43.0-2.fc27 kf5-kdnssd-5.43.0-1.fc27
kf5-kdoctools-5.43.0-1.fc27 kf5-kemoticons-5.43.0-1.fc27 kf5-kfilemetadata-5.43.0-1.fc27
kf5-kglobalaccel-5.43.0-1.fc27 kf5-kguiad
dons-5.43.0-1.fc27 kf5-khtml-5.43.0-3.fc27 kf5-ki18n-5.43.0-1.fc27
kf5-kiconthemes-5.43.0-1.fc27 kf5-kidletime-5.43.0-1.fc27 kf5-kimageformats-5.43.0-1.fc27
kf5-kinit-5.43.0-2.fc27 kf5-kio-5.43.0-3.fc27 kf5-kirigami2-5.43.0-1.fc27
kf5-kitemmodels-5.43.0-1.fc27 kf5-kitemviews-5.43.0-1.fc27 kf5-kjobwidgets-5.43.0-1.fc27
kf5-kjs-5.43.0-1.fc27 kf5-kjsembed-5.43.0-1.fc27 kf5-kmediaplayer-5.43.0-2.fc27
kf5-knewstuff-5.43.0-2.fc27 kf5-knotifications-5.43.0-1.fc27
kf5-knotifyconfig-5.43.0-2.fc27 kf5-kpackage-5.43.0-1.fc27 kf5-kparts-5.43.0-2.fc27
kf5-kpeople-5.43.0-1.fc27 kf5-kplotting-5.43.0-1.fc27 kf5-kpty-5.43.0-1.fc27
kf5-kross-5.43.0-2.fc27 kf5-krunner-5.43.0-3.fc27 kf5-kservice-5.43.0-1.fc27
kf5-ktexteditor-5.43.0-3.fc27 kf5-ktextwidgets-5.43.0-1.fc27
kf5-kunitconversion-5.43.0-1.fc27 kf5-kwallet-5.43.0-1.fc27 kf5-kwayland-5.43.0-1.fc27
kf5-kwidgetsaddons-5.43.0-1.fc27 kf5-kwindowsystem-5.43.0-1.fc27 kf5-kxmlgui-5.43.0-1.fc27
kf5-kxmlrpcclient-5.43.0-2.fc27 kf5-modemmanager-qt-5.43.0-
1.fc27 kf5-networkmanager-qt-5.43.0-1.fc27 kf5-plasma-5.43.0-3.fc27
kf5-prison-5.43.0-1.fc27 kf5-purpose-5.43.0-1.fc27 kf5-solid-5.43.0-2.fc27
kf5-sonnet-5.43.0-1.fc27 kf5-syntax-highlighting-5.43.0-1.fc27
kf5-threadweaver-5.43.0-1.fc27 oxygen-icon-theme-5.43.0-1.fc27
qqc2-desktop-style-5.43.0-1.fc27
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-93379d014f fwupd-1.0.5-2.fc27
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-1c31f1eccd
libnftnl-1.0.9-2.fc27 nftables-0.8.2-2.fc27 iptables-1.6.2-1.fc27
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-108cf7dc52
policycoreutils-2.7-5.fc27
The following builds have been pushed to Fedora 27 updates-testing
bridge-utils-1.6-1.fc27
caddy-0.10.11-1.fc27
ceph-12.2.3-1.fc27
cloudcompare-2.9.1-1.fc27
copr-backend-1.113-1.fc27
copr-cli-1.67-1.fc27
copr-dist-git-0.40-1.fc27
copr-frontend-1.128-1.fc27
copr-keygen-1.71-1.fc27
copr-rpmbuild-0.17-1.fc27
copr-selinux-1.48-1.fc27
cri-o-1.9.7-2.gita98f9c9.fc27
dippi-2.5.4-1.fc27
dnsmasq-2.78-5.fc27
drupal7-7.57-1.fc27
eclipse-linuxtools-6.2.0-6.fc27
filezilla-3.31.0-1.fc27
firefox-pkcs11-loader-3.13.0-1.fc27
fotoxx-18.01.3-1.fc27
fpc-3.0.4-1.fc27
heketi-6.0.0-1.fc27
imgbased-1.0.999-0.2.fc27
lazarus-1.8.0-1.fc27
libcouchbase-2.8.5-1.fc27
libfilezilla-0.12.1-1.fc27
moarvm-0.2018.02-1.fc27
nqp-0.0.2018.02-1.fc27
nx-libs-3.5.0.33-4.fc27
podman-0.2.2-1.git525e3b1.fc27
python-copr-1.86-1.fc27
python-crypto-2.6.1-22.fc27
qt-virt-manager-0.52.80-2.fc27
qt5-qtwebengine-5.10.1-1.fc27
rakudo-0.2018.02.1-1.fc27
sequeler-0.5.3-1.fc27
tlp-1.1-1.fc27
usermode-1.112-1.fc27
waiverdb-0.8.0-1.fc27
wavemon-0.8.2-1.fc27
x2goserver-4.0.1.22-2.fc27
Details about builds:
================================================================================
bridge-utils-1.6-1.fc27 (FEDORA-2018-0f1d43ce9f)
Utilities for configuring the linux ethernet bridge
--------------------------------------------------------------------------------
Update Information:
https://marc.info/?l=linux-netdev&m=147672021514270
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1389966 - bridge-utils-1.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1389966
--------------------------------------------------------------------------------
================================================================================
caddy-0.10.11-1.fc27 (FEDORA-2018-f2d29c6b0f)
HTTP/2 web server with automatic HTTPS
--------------------------------------------------------------------------------
Update Information:
- Latest upstream
--------------------------------------------------------------------------------
================================================================================
ceph-12.2.3-1.fc27 (FEDORA-2018-852685d505)
User space components of the Ceph file system
--------------------------------------------------------------------------------
Update Information:
New release (1:12.2.3-1)
--------------------------------------------------------------------------------
================================================================================
cloudcompare-2.9.1-1.fc27 (FEDORA-2018-f008ca833c)
3D point cloud and mesh processing software
--------------------------------------------------------------------------------
Update Information:
3D point cloud and mesh processing software
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1490057 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1490057
--------------------------------------------------------------------------------
================================================================================
copr-backend-1.113-1.fc27 (FEDORA-2018-c9b83bb304)
Backend for Copr
--------------------------------------------------------------------------------
Update Information:
- original builder deprecation - remove Group tag - Shebangs cleanup - escapes
in changelogs - use netaddr instead of IPy module - sleep after each load_jobs
iteration - python3 conversion - UMB: adding content type - add source_status
field for Builds - generate module artifacts rpms - the rsync log is actually
renderred directly into result dir now - mockchain.log renamed to backend.log -
pg#192 missing records in mockchain.log - enable running tests in spec file -
enable and update vmmamanger tests, fix three minor bugs in the manager -
frontend now presents the whole job queue state to backend - copy only module
builds into the repo directory ---- - exception handling for hit counting
when IP address cannot be parsed ---- - terminate also 'in_use' builders if
health checks have failed - make --detached the last arg for copr-rpmbuild -
update copr_log_hitcounter to check ip against ignored pattern - new msg bus
options - disable DNF makecache timer/service - fix message duplication for
multi-bus scenario - optimize createrepo_c - Revert "[backend] remove --ignore-
lock from createrepo_c"
--------------------------------------------------------------------------------
================================================================================
copr-cli-1.67-1.fc27 (FEDORA-2018-7f93a72506)
Command line interface for COPR
--------------------------------------------------------------------------------
Update Information:
- remove Group tag - Shebangs cleanup - fix deps in spec - allow running tests
only for epel7 - tests also for python2 during builds - new custom source method
- require to specify project when building module
--------------------------------------------------------------------------------
================================================================================
copr-dist-git-0.40-1.fc27 (FEDORA-2018-027c334d03)
Copr services for Dist Git server
--------------------------------------------------------------------------------
Update Information:
- remove Group tag - Shebangs cleanup - fix spec for rhel8 - escapes in
changelogs - remove old conditional in spec - fix python requires, also trim
deps down - add source_status field for Builds - remove no longer needed
CAP_SYS_CHROOT cap
--------------------------------------------------------------------------------
================================================================================
copr-frontend-1.128-1.fc27 (FEDORA-2018-38ce310035)
Frontend for Copr
--------------------------------------------------------------------------------
Update Information:
- fix counting stat logic - use end_commit when building by copr-fedmsg-listener
- update service file for copr-fedmsg-listener to use python3 - add forked
description - fix init_db - fix unittests (zlib.compress expects bytes, not str)
- task queue info cleanup - fix initial build.source_status and chroot statuses
for auto- rebuilds - remove some old python scripts - enable chroot for every
project that follows branching - fix copr_url() template macro for custom method
- remove Group tag - Shebangs cleanup - new custom source method - fix search
page error due to missing graph data - add fetch_sources_only: True into build
task defintion - add graphs of utilization - option to give COPR repository
bigger priority (see #97) - grammar: s/duplicate a backend data/duplicate
backend data/ - Trailing ".git" is ignored when matching clone URL, so is
unnecessary. - fix frontend by disabling doc generation - Accept webhooks from
bitbucket.org. - Expand docs on how to find the correct Pagure hook setting. -
fix typos - fixed status_to_order, order_to_status functions, added waiting
icon - add indeces for faster build selection - add source_status field for
Builds - implement the module buildorder logic - krb5: last iteritems()->items()
- have .repo on the end of module repofile URL - set the gpg properties for
module repo - Byecompile files in %%{_datadir} with python3 - pg#191 When auto-
rebuilding from push event, use a head commit hash - move run3_tests.sh into
run_tests.sh, polish .spec a bit - fix run scripts under python3 - frontend now
presents the whole job queue state to backend - opt rename SRPM_STORAGE_DIR to
STORAGE_DIR - new generic web-hook - when passing URL with path, expect it in
result; see ad9c3b4cc - remove outdated tests, see 3f62873 - add index to build
module_id - copy only module builds into the repo directory - generate the
module NSV rather than asking for it - fix condition that all module packages
were successfully built - remove outdated modularity code - fix baseurl for
module repofile - build modules in all enabled chroots - implement submitting
modules via URL - set default values for optional modulemd params - change
module version to bigint - always have a known state of a module - have unique
module nsv per project - build a module without using MBS - require to specify
project when building module - add build to module relation - limit spec to
python3 deps and switch application and scripts to python3 - pg#188 COPR
webhook doesn't work with branches - python3 conversion
--------------------------------------------------------------------------------
================================================================================
copr-keygen-1.71-1.fc27 (FEDORA-2018-17c38441a8)
Part of Copr build system. Aux service that generate keys for signd
--------------------------------------------------------------------------------
Update Information:
- remove Group tag - Shebangs cleanup - update doc generation to python3
--------------------------------------------------------------------------------
================================================================================
copr-rpmbuild-0.17-1.fc27 (FEDORA-2018-cc8f474468)
Run COPR build tasks
--------------------------------------------------------------------------------
Update Information:
- remove unused requires and rename rpm-python3 to python3-rpm - switch copr-
sources-custom to python3 shebang - keep tmpfs data mounted acros mock
invocations for custom method - new custom source method - add support for
fetch_sources_only in task defition - allow building rpms from srpms fetched by
providers, - extend cmdline with scm submode - optionally set a priority for a
repo - add test for create_rpmmacros + refactoring - allow only https and ftps
protocols for source fetch
--------------------------------------------------------------------------------
================================================================================
copr-selinux-1.48-1.fc27 (FEDORA-2018-11f4dc252c)
SELinux module for COPR
--------------------------------------------------------------------------------
Update Information:
- remove Group tag
--------------------------------------------------------------------------------
================================================================================
cri-o-1.9.7-2.gita98f9c9.fc27 (FEDORA-2018-4e467d0c95)
CRI-O is the Kubernetes Container Runtime Interface for OCI-based containers
--------------------------------------------------------------------------------
Update Information:
make sure correct version in changelog ---- Minor fixes for image handling.
---- image: Add lock around image cache access ---- Fixes to
containers/storage and containers/image ---- Latest update, lots of bug fixes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1544164 - cri-o-v1.9.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1544164
[ 2 ] Bug #1545466 - cri-o-v1.9.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1545466
--------------------------------------------------------------------------------
================================================================================
dippi-2.5.4-1.fc27 (FEDORA-2018-bd9795faa7)
Calculate display info like DPI and aspect ratio
--------------------------------------------------------------------------------
Update Information:
Update to version 2.5.4.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1541819 - dippi-2.5.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1541819
--------------------------------------------------------------------------------
================================================================================
dnsmasq-2.78-5.fc27 (FEDORA-2018-2f1f243787)
A lightweight DHCP/caching DNS server
--------------------------------------------------------------------------------
Update Information:
create a separate user for dnsmasq.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1548050 - dnsmasq starts dnsmasq which runs as nobody user
https://bugzilla.redhat.com/show_bug.cgi?id=1548050
--------------------------------------------------------------------------------
================================================================================
drupal7-7.57-1.fc27 (FEDORA-2018-dc984c59e5)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
This update fixes multiple security vulnerabilities. Read more details here:
https://www.drupal.org/SA-CORE-2018-001
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1548191 - drupal7: drupal: JavaScript cross-site scripting in checkPlain
function [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1548191
[ 2 ] Bug #1548326 - drupal7: drupal: Multiple vulnerabilities fixed in 7.57 and 8.4.5
(SA-CORE-2018-001) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1548326
[ 3 ] Bug #1548202 - drupal7: drupal: External link injection on 404 pages when linking
to the current page [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1548202
[ 4 ] Bug #1548198 - drupal7: drupal: jQuery vulnerability with untrusted domains
requests via Ajax [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1548198
[ 5 ] Bug #1548194 - drupal7: drupal: Private file access bypass in Drupal private file
system [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1548194
[ 6 ] Bug #1548190 - drupal7: drupal: JavaScript cross-site scripting in checkPlain
function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1548190
[ 7 ] Bug #1547793 - drupal7-7.57 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1547793
--------------------------------------------------------------------------------
================================================================================
eclipse-linuxtools-6.2.0-6.fc27 (FEDORA-2018-fa64d6114c)
Linux specific Eclipse plugins
--------------------------------------------------------------------------------
Update Information:
Remove extraneous debugging traceback ---- Fix for regression in Docker
Copying files.
--------------------------------------------------------------------------------
================================================================================
filezilla-3.31.0-1.fc27 (FEDORA-2018-e402b37581)
FTP, FTPS and SFTP client
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
--------------------------------------------------------------------------------
================================================================================
firefox-pkcs11-loader-3.13.0-1.fc27 (FEDORA-2018-4558f54f10)
Helper script for Firefox that sets up the browser for authentication with Estonian
ID-card
--------------------------------------------------------------------------------
Update Information:
3.13 release
--------------------------------------------------------------------------------
================================================================================
fotoxx-18.01.3-1.fc27 (FEDORA-2018-182e0e7b95)
Photo editor
--------------------------------------------------------------------------------
Update Information:
18.01.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1548211 - fotoxx-18.01.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1548211
--------------------------------------------------------------------------------
================================================================================
fpc-3.0.4-1.fc27 (FEDORA-2018-ae3cc74dc7)
Free Pascal Compiler
--------------------------------------------------------------------------------
Update Information:
Upgrade to upstream release 3.0.4
--------------------------------------------------------------------------------
================================================================================
heketi-6.0.0-1.fc27 (FEDORA-2018-33b3f814f9)
RESTful based volume management framework for GlusterFS
--------------------------------------------------------------------------------
Update Information:
Release 6,0.0 final
--------------------------------------------------------------------------------
================================================================================
imgbased-1.0.999-0.2.fc27 (FEDORA-2018-e315063512)
Tools to work with an image based rootfs
--------------------------------------------------------------------------------
Update Information:
Development for 4.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1531501 - the problem is with the imgbased package
https://bugzilla.redhat.com/show_bug.cgi?id=1531501
--------------------------------------------------------------------------------
================================================================================
lazarus-1.8.0-1.fc27 (FEDORA-2018-6ad0159e14)
Lazarus Component Library and IDE for Freepascal
--------------------------------------------------------------------------------
Update Information:
Update to upstream version 1.8.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1525820 - Need update lazarus to 1.8.0
https://bugzilla.redhat.com/show_bug.cgi?id=1525820
--------------------------------------------------------------------------------
================================================================================
libcouchbase-2.8.5-1.fc27 (FEDORA-2018-5b811bb8af)
Client and protocol library for the Couchbase project
--------------------------------------------------------------------------------
Update Information:
## Upstream release API documentation:
http://docs.couchbase.com/sdk-
api/couchbase-c-client-2.8.5/ ### Spec Changes * Package now install tapset
for SystemTap * Snappy dependency has been removed, as package now integrates
snappy and uses its internal C++ classes. It cannot be unbundled. ### Upstream
Changes * [
CCBC-883](https://issues.couchbase.com/browse/CCBC-883): Always use
built-in compression. It is not possible to unbundle the Snappy library, as
libcouchbase uses the C++ API which is not exported in the headers. Also,
compression can now work on all types of buffers, including `LCB_KV_IOV` and
`LCB_KV_IOVCOPY`. This fixes compression in `cbc-pillowfight` tool. *
[
CCBC-895](https://issues.couchbase.com/browse/CCBC-895): Fix typo in rendering
IPv6 addresses in `lcb_diag`. *
[
CCBC-879](https://issues.couchbase.com/browse/CCBC-879): Implement log
redaction. When `log_redaction=on` is specified in the connection string, the
library will wrap sensitive data in the logs in special tags, which can be
processed by the `cblogredaction` tool from the server distribution. *
[
CCBC-893](https://issues.couchbase.com/browse/CCBC-894): Updated list of subdoc
error codes. * [
CCBC-892](https://issues.couchbase.com/browse/CCBC-892): Enable
the SSL trust store to be in a separate file. Trust store has to be specified
with option `truststorepath=���`, otherwise the library will expect it to be
stored with the certificate in `certpath=`. *
[
CCBC-888](https://issues.couchbase.com/browse/CCBC-888): Per operation tracing.
When compiled with tracing support (`cmake -DLCB_TRACING=ON`), the library will
expose the tracing API, which allows to measure time of every data operation,
and include some extra information. The API is modeled after OpenTracing and
allows one to write custom tracers to consume this information. For more
information, see an example in
[example/tracing/tracing.c](example/tracing/tracing.c). This is uncommitted API
at this time. Also this feature includes support for new type of the server
responses, which include time spent to execute the KV command on the server.
This feature controlled by `enable_tracing` option in connection string or
`lcb_cntl(..., LCB_CNTL_ENABLE_TRACING, ...)`. * Added basic support of JSON
datatype. The library will negotiate a mode, in which the application will see
`LCB_VALUE_F_JSON` flag on datatype field of the response in the operation
callback, if the cluster detected the content of the document to be valid JSON.
Also the application can send this flag on the outgoing documents to notify the
server about payload format. * Refresh dtrace/systemtap integration. Also adds
tapset for SystemTap to simplify access to trace points. * cbc-pillowfight
improvements and changes: * dump diagnostics on `SIGQUIT` (CTRL-\ in
terminal). * with `-J`/`--json`, the JSON datatype will be sent on the
documents. * enable randomized document bodies with `-R`/`--random-body`
switch. * durability checks for pillowfight with `--persist-to
`/`--replicate-to`. * pessimistic locking of keys before updating with
`--lock`. * when requesting timings with `-T`/`--timings`, the application
will no longer dump them periodically.Instead it will await for the user to
signal `SIGQUIT` and also dump them on exit. The old mode of reporting regularly
is enabled by repeating the switch more than once (e.g. `-TT`). * Added the
cbc-watch command to monitor server stats. By default it tracks `cmd_total_ops`,
`cmd_total_gets` and `cmd_total_sets` updating stats once a second, and
displaying diff with the previous value.
--------------------------------------------------------------------------------
================================================================================
libfilezilla-0.12.1-1.fc27 (FEDORA-2018-e402b37581)
C++ Library for FileZilla
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
--------------------------------------------------------------------------------
================================================================================
moarvm-0.2018.02-1.fc27 (FEDORA-2018-b9a861ef5f)
Meta-model On A Runtime Virtual Machine
--------------------------------------------------------------------------------
Update Information:
update to 2018.02
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1531855 - Rakudo: This type cannot unbox to a native string: P6opaque,
Failure
https://bugzilla.redhat.com/show_bug.cgi?id=1531855
--------------------------------------------------------------------------------
================================================================================
nqp-0.0.2018.02-1.fc27 (FEDORA-2018-b9a861ef5f)
Not Quite Perl (6)
--------------------------------------------------------------------------------
Update Information:
update to 2018.02
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1531855 - Rakudo: This type cannot unbox to a native string: P6opaque,
Failure
https://bugzilla.redhat.com/show_bug.cgi?id=1531855
--------------------------------------------------------------------------------
================================================================================
nx-libs-3.5.0.33-4.fc27 (FEDORA-2017-60c4aa0e01)
NX X11 protocol compression libraries
--------------------------------------------------------------------------------
Update Information:
nx-libs 3.5.0.33: - Don't allow overriding of X.Org Server UNIX sockets via
TEMP/NX_TEMP environment variables. Fixes problems on machines that use
pam_tempdir.so. - Fix CVE-2017-2624 (timingsafe_memcmp) by Ulrich Sibiller. -
Potentially improve LAN- and WAN-type connection speed settings scenarios.
Includes a regression fix for VPN connections by Simon Matter. - Fix problems in
mate-color-picker and potentially also other applications that make heavy use of
RENDER trapezoids. x2goserver 4.0.1.22: - Fixed overzealous nxagent socket
removal. - Keyboard mapping fixes, including preparation for usage with
Arctica's nx-libs version (not supported in this version of X2Go Server, yet). -
Support for Devuan and RT OS full desktop session spawning. - Always use short
host name, don't rely on ${HOSTNAME} variable. Compatibility with non-bash
login shells. - Spawn full desktop sessions with a new dbus user session
instance. - Finnish translation update. - Added support for LXQt full desktop
sessions. - New command: x2golistshadowsessions.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1478974 - x2go killed by systemd
https://bugzilla.redhat.com/show_bug.cgi?id=1478974
[ 2 ] Bug #1510900 - nx-libs-3.5.0.33 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1510900
--------------------------------------------------------------------------------
================================================================================
podman-0.2.2-1.git525e3b1.fc27 (FEDORA-2018-2671758577)
Manage Pods, Containers and Container Images
--------------------------------------------------------------------------------
Update Information:
v0.2.2
--------------------------------------------------------------------------------
================================================================================
python-copr-1.86-1.fc27 (FEDORA-2018-48a7c1ee1d)
Python interface for Copr
--------------------------------------------------------------------------------
Update Information:
- remove Group tag - build python2-copr package conditionally - Remove
unnecessary shebang sed in copr-cli.spec and python-copr.spec - fix deps in spec
- new custom source method - use username from config if nothing is explicitly
specified - remove outdated modularity code - require to specify project when
building module
--------------------------------------------------------------------------------
================================================================================
python-crypto-2.6.1-22.fc27 (FEDORA-2018-913c225b49)
Cryptography library for Python
--------------------------------------------------------------------------------
Update Information:
The textbook ElGamal implementation is not secure. PyCrypto and some other
implementations use the wrong algorithm, which may lead to some information
disclosure simply by looking at the encrypted text. For a full description, see
https://github.com/dlitz/pycrypto/issues/253 This update includes a fix for
this problem backported from pycryptodome.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1542313 - CVE-2018-6594 python-crypto: Weak ElGamal key parameters in
PublicKey/ElGamal.py allow attackers to obtain sensitive information by reading
ciphertext
https://bugzilla.redhat.com/show_bug.cgi?id=1542313
--------------------------------------------------------------------------------
================================================================================
qt-virt-manager-0.52.80-2.fc27 (FEDORA-2018-0958587304)
Qt Virtual Machine Manager
--------------------------------------------------------------------------------
Update Information:
added Russian and Italian translations; some enhancements;
--------------------------------------------------------------------------------
================================================================================
qt5-qtwebengine-5.10.1-1.fc27 (FEDORA-2018-e08d828ed9)
Qt5 - QtWebEngine components
--------------------------------------------------------------------------------
Update Information:
This update updates QtWebEngine to the 5.10.1 bugfix and security release.
QtWebEngine 5.10.1 is part of the Qt 5.10.1 release, but only the QtWebEngine
component is included in this update. This update includes: * Security fixes
from Chromium up to version 64.0.3282.140. Including: CVE-2017-15407,
CVE-2017-15409, CVE-2017-15410, CVE-2017-15411, CVE-2017-15415, CVE-2017-15416,
CVE-2017-15418, CVE-2017-15419, CVE-2017-15422, CVE-2017-15423, CVE-2017-15424,
CVE-2017-15425, CVE-2017-15426, CVE-2018-6031, CVE-2018-6033, CVE-2018-6034,
CVE-2018-6036, CVE-2018-6037, CVE-2018-6038, CVE-2018-6040, CVE-2018-6041,
CVE-2018-6042, CVE-2018-6047, CVE-2018-6048, CVE-2018-6050, CVE-2018-6051,
CVE-2018-6052, CVE-2018-6053 and CVE-2018-6054. * Mitigations for SPECTRE:
disabled shared-buffers, added cryptographic noise to precision timers *
[QTBUG-47206] Fixed incorrect layouting due to bug in HTML5 viewport support. *
[QTBUG-47945, QTBUG-65647] Fixed random crashes on exit * [QTBUG-57206] Fixed
regression in viewport handling in embedded mode * [QTBUG-58400] Improved memory
usage when printing * [QTBUG-63867] Fixed <canvas> elements when compiled
without OpenGL * [QTBUG-63266, QTBUG-64436] Fixed that pointerType of Pointer
Events was empty * [QTBUG-63606] Improved runtime disabling and clearing of HTTP
cache * [QTBUG-64436] QtWebEngineWidgets: Fixed crash when exiting fullscreen
mode using the context menu. * [QTBUG-64560] Fixed rendering glitches after
renderProcessTerminated signal was emitted. * [QTBUG-64812] Fixed message bubble
position in Hi-DPI mode * [QTBUG-64869, QTBUG-65004] Added testing for 32-bit
host compiler when crossbuilding to 32-bit platforms * [QTBUG-64933]
QtWebEngineWidgets: Fixed tooltips that did still show after mouse was moved
away. * [QTBUG-65239] Fixed hanging of process if application is closed too fast
after startup. * [QTBUG-65715] Fixed double margins when printing
--------------------------------------------------------------------------------
================================================================================
rakudo-0.2018.02.1-1.fc27 (FEDORA-2018-b9a861ef5f)
Perl 6 compiler implementation that runs on MoarVM
--------------------------------------------------------------------------------
Update Information:
update to 2018.02
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1531855 - Rakudo: This type cannot unbox to a native string: P6opaque,
Failure
https://bugzilla.redhat.com/show_bug.cgi?id=1531855
--------------------------------------------------------------------------------
================================================================================
sequeler-0.5.3-1.fc27 (FEDORA-2018-7dbd7d4e22)
SQL Client built in Vala
--------------------------------------------------------------------------------
Update Information:
Update to version 0.5.3. Release notes:
https://github.com/Alecaddd/sequeler/releases/tag/v0.5.3
https://github.com/Alecaddd/sequeler/releases/tag/v0.5.2
https://github.com/Alecaddd/sequeler/releases/tag/v0.5.1
https://github.com/Alecaddd/sequeler/releases/tag/v0.5.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1547317 - sequeler-v0.5.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1547317
--------------------------------------------------------------------------------
================================================================================
tlp-1.1-1.fc27 (FEDORA-2018-cdfc6c3d39)
Advanced power management tool for Linux
--------------------------------------------------------------------------------
Update Information:
Update to 1.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1538383 - tlp-1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1538383
--------------------------------------------------------------------------------
================================================================================
usermode-1.112-1.fc27 (FEDORA-2018-a7f8a47fa1)
Tools for certain user account management tasks
--------------------------------------------------------------------------------
Update Information:
Update to **usermode-1.112**
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1269643 - usermode : Fix Catalan translation and fix execution permission in
source
https://bugzilla.redhat.com/show_bug.cgi?id=1269643
--------------------------------------------------------------------------------
================================================================================
waiverdb-0.8.0-1.fc27 (FEDORA-2018-6ed233874c)
Service for waiving results in ResultsDB
--------------------------------------------------------------------------------
Update Information:
Release notes:
https://docs.pagure.org/waiverdb/release-notes.html#waiverdb-0-8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1538463 - waiverdb-cli --help crashes
https://bugzilla.redhat.com/show_bug.cgi?id=1538463
--------------------------------------------------------------------------------
================================================================================
wavemon-0.8.2-1.fc27 (FEDORA-2018-ed62f8b892)
Ncurses-based monitoring application for wireless network devices
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release 0.8.2 (rhbz#1546530)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1546530 - wavemon-0.8.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1546530
--------------------------------------------------------------------------------
================================================================================
x2goserver-4.0.1.22-2.fc27 (FEDORA-2017-60c4aa0e01)
X2Go Server
--------------------------------------------------------------------------------
Update Information:
nx-libs 3.5.0.33: - Don't allow overriding of X.Org Server UNIX sockets via
TEMP/NX_TEMP environment variables. Fixes problems on machines that use
pam_tempdir.so. - Fix CVE-2017-2624 (timingsafe_memcmp) by Ulrich Sibiller. -
Potentially improve LAN- and WAN-type connection speed settings scenarios.
Includes a regression fix for VPN connections by Simon Matter. - Fix problems in
mate-color-picker and potentially also other applications that make heavy use of
RENDER trapezoids. x2goserver 4.0.1.22: - Fixed overzealous nxagent socket
removal. - Keyboard mapping fixes, including preparation for usage with
Arctica's nx-libs version (not supported in this version of X2Go Server, yet). -
Support for Devuan and RT OS full desktop session spawning. - Always use short
host name, don't rely on ${HOSTNAME} variable. Compatibility with non-bash
login shells. - Spawn full desktop sessions with a new dbus user session
instance. - Finnish translation update. - Added support for LXQt full desktop
sessions. - New command: x2golistshadowsessions.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1478974 - x2go killed by systemd
https://bugzilla.redhat.com/show_bug.cgi?id=1478974
[ 2 ] Bug #1510900 - nx-libs-3.5.0.33 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1510900
--------------------------------------------------------------------------------