The following Fedora 30 Security updates need testing:
Age URL
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-2b53cff132
thunderbird-68.7.0-1.fc30
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-0c71c00af4
libxml2-2.9.10-3.fc30
8
https://bodhi.fedoraproject.org/updates/FEDORA-2020-520fc718af xen-4.11.3-4.fc30
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-28e06b5f08
rubygem-rake-12.3.3-200.fc30
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1b6ce91e37
ansible-2.9.7-1.fc30
5
https://bodhi.fedoraproject.org/updates/FEDORA-2020-3eaf264c4b
gnuchess-6.2.6-1.fc30
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4e093619bb git-2.21.3-1.fc30
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-fd8761fd13
php-horde-horde-5.2.22-1.fc30
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-5a4da65166 cups-2.2.12-8.fc30
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-827b677e15
python-bleach-3.1.4-2.fc30
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1e85425a52
sqliteodbc-0.9996-4.fc30
The following Fedora 30 Critical Path updates have yet to be approved:
Age URL
289
https://bodhi.fedoraproject.org/updates/FEDORA-2019-c05e4425d1
dash-0.5.10.2-3.fc30
42
https://bodhi.fedoraproject.org/updates/FEDORA-2020-fffba1c2dd
python3-3.7.7-1.fc30 python3-docs-3.7.7-1.fc30
11
https://bodhi.fedoraproject.org/updates/FEDORA-2020-767953662f
json-c-0.13.1-11.fc30
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-b3aa343948
libtirpc-1.2.6-0.fc30
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-0c71c00af4
libxml2-2.9.10-3.fc30
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-2b53cff132
thunderbird-68.7.0-1.fc30
9
https://bodhi.fedoraproject.org/updates/FEDORA-2020-a7509f2334
nfs-utils-2.4.3-1.rc1.fc30
8
https://bodhi.fedoraproject.org/updates/FEDORA-2020-520fc718af xen-4.11.3-4.fc30
7
https://bodhi.fedoraproject.org/updates/FEDORA-2020-1208e2a2b8 vim-8.2.587-1.fc30
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-44d12740d8 ceph-14.2.9-1.fc30
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-5a4da65166 cups-2.2.12-8.fc30
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-fd4d0014e1
python2-2.7.18-1.fc30 python2-docs-2.7.18-1.fc30
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-c1dd22ce63 koji-1.21.0-1.fc30
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-9b3da9c8e7
linux-firmware-20200421-107.fc30
2
https://bodhi.fedoraproject.org/updates/FEDORA-2020-4e093619bb git-2.21.3-1.fc30
The following builds have been pushed to Fedora 30 updates-testing
amavisd-milter-1.7.0-1.fc30
batctl-2020.1-1.fc30
boinc-client-7.16.6-3.fc30
cairo-1.16.0-6.fc30
chromium-81.0.4044.122-1.fc30
dovecot-2.3.10-1.fc30
freeopcua-0-0.10.20200131.da2b76f.fc30
git-cinnabar-0.5.5-1.fc30
glusterfs-6.9-1.fc30
gnome-software-3.32.4-9.fc30
groonga-10.0.1-1.fc30
i3-4.18.1-1.fc30
kronosnet-1.16-1.fc30
libxcrypt-4.4.16-2.fc30
lshw-B.02.19.2-2.fc30
mkvtoolnix-45.0.0-1.fc30
nginx-1.18.0-1.fc30
nomacs-3.14.2-1.fc30
openssl-1.1.1g-1.fc30
openvpn-2.4.9-1.fc30
phpunit8-8.5.4-1.fc30
pkcs11-helper-1.22-10.fc30
pxz-4.999.9-19.beta.20200421git.fc30
pyproject-rpm-macros-0-14.fc30
python-cups-2.0.1-1.fc30
python-pip-19.0.3-7.fc30
python-ptrace-0.9.5-1.fc30
python-wikitcms-2.5.2-1.fc30
quiterss-0.19.4-1.fc30
rubygem-json-2.2.0-202.fc30
tomcat-9.0.34-1.fc30
trustedqsl-2.5.3-1.fc30
twa-1.9.1-1.fc30
xfce4-whiskermenu-plugin-2.4.4-1.fc30
Details about builds:
================================================================================
amavisd-milter-1.7.0-1.fc30 (FEDORA-2020-023e2e1259)
Sendmail milter for amavisd-new using the AM.PDP protocol
--------------------------------------------------------------------------------
Update Information:
# amavisd-milter amavisd-milter has been moved from SourceForge to to GitHub.
## New features - Fork after initializing milter socket - Use `client_name`
if available instead of hostname passed to `xxfi_connect` - Generate `amavisd-
milter.8` from `AMAVISD-MILTER.md` # Bug and compatibility fixes - Fixed
compiler warnings - Converted indentation to spaces only - Removed obsoleted
file `amavisd-milter.spec`
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 22 2020 Robert Scheck <robert(a)fedoraproject.org> 1.7.0-1
- Upgrade to 1.7.0 (#1824332)
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6.1-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jul 24 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.6.1-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1824332 - amavisd-milter 1.7.0 available
https://bugzilla.redhat.com/show_bug.cgi?id=1824332
--------------------------------------------------------------------------------
================================================================================
batctl-2020.1-1.fc30 (FEDORA-2020-41e32096d6)
B.A.T.M.A.N. advanced control and management tool
--------------------------------------------------------------------------------
Update Information:
Update to 2020.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 24 2020 Felix Kaechele <heffer(a)fedoraproject.org> - 2020.1-1
- update to 2020.1
--------------------------------------------------------------------------------
================================================================================
boinc-client-7.16.6-3.fc30 (FEDORA-2020-5acf721146)
The BOINC client
--------------------------------------------------------------------------------
Update Information:
Removed broken user idle time detection. If you happen to see "computer in use"
as working unit status, please leave a comment below
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 23 2020 Germano Massullo <germano.massullo(a)gmail.com> - 7.16.6-3
- Updated disable_idle_time_detection.patch
* Sat Apr 11 2020 Germano Massullo <germano.massullo(a)gmail.com> - 7.16.6-2
- Added disable_idle_time_detection.patch
* Thu Apr 9 2020 Germano Massullo <germano.massullo(a)gmail.com> - 7.16.1-7
- 7.16.6 release
- Removed cc_config_cpp_3249.patch
- Disabled disabled_idle_detection.patch. Read
https://bugzilla.redhat.com/show_bug.cgi?id=1822723
* Tue Jan 28 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 7.16.1-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Aug 19 2019 Germano Massullo <germano.massullo(a)cern.ch> - 7.16.1-5
- Added ExcludeArch: s390x, aarch64 for EPEL8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1822723 - Disable idle time detection
https://bugzilla.redhat.com/show_bug.cgi?id=1822723
--------------------------------------------------------------------------------
================================================================================
cairo-1.16.0-6.fc30 (FEDORA-2020-a615847091)
A 2D graphics library
--------------------------------------------------------------------------------
Update Information:
This update fixes a bug when cairo rejected CFF fonts with zero operands for
certain operators when creating PDF. This caused printing failure when such
fonts were used.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 24 2020 Marek Kasik <mkasik(a)redhat.com> - 1.16.0-6
- Allow empty array of operands for certain operators in CFF fonts
- Resolves: #1817958
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1817958 - Official governement PDF form cannot be printed
https://bugzilla.redhat.com/show_bug.cgi?id=1817958
--------------------------------------------------------------------------------
================================================================================
chromium-81.0.4044.122-1.fc30 (FEDORA-2020-0e7f1b663b)
A WebKit (Blink) powered web browser
--------------------------------------------------------------------------------
Update Information:
Another day, another chromium update. This one fixes: CVE-2020-6458
CVE-2020-6459 CVE-2020-6460 ---- Fix dependency issue introduced when
switching from a "shared" build to a "static" build. ---- A new
major version
of Chromium without any security bugs! Just kidding. Here's the CVE list:
CVE-2020-6454 CVE-2020-6423 CVE-2020-6455 CVE-2020-6430 CVE-2020-6456
CVE-2020-6431 CVE-2020-6433 CVE-2020-6434 CVE-2020-6435 CVE-2020-6436
CVE-2020-6437 CVE-2020-6438 CVE-2020-6439 CVE-2020-6440 CVE-2020-6441
CVE-2020-6442 CVE-2020-6443 CVE-2020-6444 CVE-2020-6445 CVE-2020-6446
CVE-2020-6447 CVE-2020-6448 CVE-2020-6432 CVE-2020-6457 Oh, and this build
switches over to a static build, so the chromium-libs and chromium-libs-media
subpackages are now obsolete, but it should be slightly better for performance.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 23 2020 Tom Callaway <spot(a)fedoraproject.org> - 81.0.4044.122-1
- update to 81.0.4044.122
* Tue Apr 21 2020 Tom Callaway <spot(a)fedoraproject.org> - 81.0.4044.113-2
- add explicit Requires: chromium-common
* Thu Apr 16 2020 Tom Callaway <spot(a)fedoraproject.org> - 81.0.4044.113-1
- update to 81.0.4044.113
* Mon Apr 13 2020 Tom Callaway <spot(a)fedoraproject.org> - 81.0.4044.92-1
- update to 81.0.4044.92
- squelch the selinux output in the post scriptlet
- add Provides/Obsoletes in case we're build with shared set to 0
- add ulimit -n 4096 (needed for static builds, probably not harmful for shared builds
either)
- do static build
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1822604 - CVE-2020-6454 chromium-browser: Use after free in extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1822604
[ 2 ] Bug #1822605 - CVE-2020-6423 chromium-browser: Use after free in audio
https://bugzilla.redhat.com/show_bug.cgi?id=1822605
[ 3 ] Bug #1822606 - CVE-2020-6455 chromium-browser: Out of bounds read in WebSQL
https://bugzilla.redhat.com/show_bug.cgi?id=1822606
[ 4 ] Bug #1822607 - CVE-2020-6430 chromium-browser: Type Confusion in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1822607
[ 5 ] Bug #1822608 - CVE-2020-6456 chromium-browser: Insufficient validation of
untrusted input in clipboard
https://bugzilla.redhat.com/show_bug.cgi?id=1822608
[ 6 ] Bug #1822609 - CVE-2020-6431 chromium-browser: Insufficient policy enforcement in
full screen
https://bugzilla.redhat.com/show_bug.cgi?id=1822609
[ 7 ] Bug #1822610 - CVE-2020-6433 chromium-browser: Insufficient policy enforcement in
extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1822610
[ 8 ] Bug #1822611 - CVE-2020-6434 chromium-browser: Use after free in devtools
https://bugzilla.redhat.com/show_bug.cgi?id=1822611
[ 9 ] Bug #1822612 - CVE-2020-6435 chromium-browser: Insufficient policy enforcement in
extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1822612
[ 10 ] Bug #1822613 - CVE-2020-6436 chromium-browser: Use after free in window
management
https://bugzilla.redhat.com/show_bug.cgi?id=1822613
[ 11 ] Bug #1822614 - CVE-2020-6437 chromium-browser: Inappropriate implementation in
WebView
https://bugzilla.redhat.com/show_bug.cgi?id=1822614
[ 12 ] Bug #1822615 - CVE-2020-6438 chromium-browser: Insufficient policy enforcement in
extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1822615
[ 13 ] Bug #1822616 - CVE-2020-6439 chromium-browser: Insufficient policy enforcement in
navigations
https://bugzilla.redhat.com/show_bug.cgi?id=1822616
[ 14 ] Bug #1822617 - CVE-2020-6440 chromium-browser: Inappropriate implementation in
extensions
https://bugzilla.redhat.com/show_bug.cgi?id=1822617
[ 15 ] Bug #1822618 - CVE-2020-6441 chromium-browser: Insufficient policy enforcement in
omnibox
https://bugzilla.redhat.com/show_bug.cgi?id=1822618
[ 16 ] Bug #1822619 - CVE-2020-6442 chromium-browser: Inappropriate implementation in
cache
https://bugzilla.redhat.com/show_bug.cgi?id=1822619
[ 17 ] Bug #1822620 - CVE-2020-6443 chromium-browser: Insufficient data validation in
developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=1822620
[ 18 ] Bug #1822621 - CVE-2020-6444 chromium-browser: Uninitialized use in WebRTC
https://bugzilla.redhat.com/show_bug.cgi?id=1822621
[ 19 ] Bug #1822622 - CVE-2020-6445 chromium-browser: Insufficient policy enforcement in
trusted types
https://bugzilla.redhat.com/show_bug.cgi?id=1822622
[ 20 ] Bug #1822623 - CVE-2020-6446 chromium-browser: Insufficient policy enforcement in
trusted types
https://bugzilla.redhat.com/show_bug.cgi?id=1822623
[ 21 ] Bug #1822624 - CVE-2020-6447 chromium-browser: Inappropriate implementation in
developer tools
https://bugzilla.redhat.com/show_bug.cgi?id=1822624
[ 22 ] Bug #1822625 - CVE-2020-6448 chromium-browser: Use after free in V8
https://bugzilla.redhat.com/show_bug.cgi?id=1822625
[ 23 ] Bug #1824949 - CVE-2020-6457 chromium-browser: Use after free in speech
recognizer
https://bugzilla.redhat.com/show_bug.cgi?id=1824949
[ 24 ] Bug #1827379 - CVE-2020-6459 chromium-browser: Use after free in payments
https://bugzilla.redhat.com/show_bug.cgi?id=1827379
[ 25 ] Bug #1827380 - CVE-2020-6460 chromium-browser: Insufficient data validation in
URL formatting
https://bugzilla.redhat.com/show_bug.cgi?id=1827380
[ 26 ] Bug #1827381 - CVE-2020-6458 chromium-browser: Out of bounds read and write in
PDFium
https://bugzilla.redhat.com/show_bug.cgi?id=1827381
--------------------------------------------------------------------------------
================================================================================
dovecot-2.3.10-1.fc30 (FEDORA-2020-8c8ff7c098)
Secure imap and pop3 server
--------------------------------------------------------------------------------
Update Information:
dovecot updated to 2.3.10
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 21 2020 Michal Hlavinka <mhlavink(a)redhat.com> - 1:2.3.10-1
- dovecot updated to 2.3.10, pigeonhole updated to 0.5.10
--------------------------------------------------------------------------------
================================================================================
freeopcua-0-0.10.20200131.da2b76f.fc30 (FEDORA-2020-fcd729be00)
Open Source C++ OPC-UA Server and Client Library
--------------------------------------------------------------------------------
Update Information:
Fix missing cflags exports for spdlog (update to upstream PR 356) ---- New
package
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1824467 - Review Request: freeopcua - Open Source C++ OPC-UA Server and
Client Library
https://bugzilla.redhat.com/show_bug.cgi?id=1824467
--------------------------------------------------------------------------------
================================================================================
git-cinnabar-0.5.5-1.fc30 (FEDORA-2020-03567fa5f6)
Git remote helper to interact with mercurial repositories
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1827260 - git-cinnabar-0.5.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1827260
--------------------------------------------------------------------------------
================================================================================
glusterfs-6.9-1.fc30 (FEDORA-2020-184ff81bcd)
Distributed File System
--------------------------------------------------------------------------------
Update Information:
glusterfs 6.9 GA
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 24 2020 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 6.9-1
- 6.9 GA
--------------------------------------------------------------------------------
================================================================================
gnome-software-3.32.4-9.fc30 (FEDORA-2020-06b6a23d9c)
A software center for GNOME
--------------------------------------------------------------------------------
Update Information:
Use final F32 artwork for distro upgrades to Fedora 32.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 23 2020 Kalev Lember <klember(a)redhat.com> - 3.32.4-9
- Add final F32 artwork
--------------------------------------------------------------------------------
================================================================================
groonga-10.0.1-1.fc30 (FEDORA-2020-bbc9bc1919)
An Embeddable Fulltext Search Engine
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 24 2020 Kentaro Hayashi <hayashi(a)clear-code.com> - 10.0.1-1
- new upstream release
* Sun Feb 16 2020 Kentaro Hayashi <hayashi(a)clear-code.com> - 9.1.2-2
- enable legacy common support to fix FTBFS (Bug#1799474).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1818095 - groonga-10.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1818095
--------------------------------------------------------------------------------
================================================================================
i3-4.18.1-1.fc30 (FEDORA-2020-dc22a443ca)
Improved tiling window manager
--------------------------------------------------------------------------------
Update Information:
New upstream release 4.18.1 (rhbz#1826642)
������������������������������������������������������������������������������������������������
���
Release notes for i3 v4.18.1 ���
������������������������������������������������������������������������������������������������
This is i3
v4.18.1. This version is considered stable. All users of i3 are strongly
encouraged to upgrade. This is a bugfix release for v4.18.
������������������������������������������������������������������������������������������
��� Bugfixes ���
������������������������������������������������������������������������������������������
��� Move parent nodes in scratchpad correctly ���
i3bar: Call cont_child() more liberally ��� Fix load_layout crash when floating
node doesn't have CT_FLOATING_CON parent ��� Fix SEGFAULT when i3bar receives
invalid input ��� Revert "floating_reposition: avoid extra tree_render" ���
Call
tree_render if floating move changes workspace ��� Update EWMH properties on
workspace move ��� cmd_focus_sibling: Fix crash on workspace level
������������������������������������������������������������������������������������������
��� Thanks! ���
������������������������������������������������������������������������������������������
Thanks for testing, bugfixes, discussions and
everything I forgot go out to: Heman Gandhi, Orestis Floros -- Michael
Stapelberg, 2020-04-22
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 22 2020 Dan ��erm��k <dan.cermak(a)cgc-instruments.com> - 4.18.1-1
- New upstream release 4.18.1 (rhbz#1826642)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1826642 - i3-4.18.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1826642
--------------------------------------------------------------------------------
================================================================================
kronosnet-1.16-1.fc30 (FEDORA-2020-da5a52eab8)
Multipoint-to-Multipoint VPN daemon
--------------------------------------------------------------------------------
Update Information:
- New upstream release - Fix major issues with SCTP transport - Fix build with
recent gcc - Minor bug fixes - Update BuildRequires now that libqb is used
unconditionally
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 23 2020 Fabio M. Di Nitto <fdinitto(a)redhat.com> - 1.16-1
- New upstream release
- Fix major issues with SCTP transport
- Fix build with recent gcc
- Minor bug fixes
- Update BuildRequires now that libqb is used unconditionally
--------------------------------------------------------------------------------
================================================================================
libxcrypt-4.4.16-2.fc30 (FEDORA-2020-389dc1b8a4)
Extended crypt library for descrypt, md5crypt, bcrypt, and others
--------------------------------------------------------------------------------
Update Information:
- Move fipscheck hmac checksums to `%{_libdir}/fipscheck`.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 24 2020 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.4.16-2
- Move fipscheck hmac checksums to %{_libdir}/fipscheck
--------------------------------------------------------------------------------
================================================================================
lshw-B.02.19.2-2.fc30 (FEDORA-2020-b468980871)
Hardware lister
--------------------------------------------------------------------------------
Update Information:
Fix a crash in lshw.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 24 2020 Terje Rosten <terje.rosten(a)ntnu.no> - B.02.19.2-2
- Add patch from openSUSE to fix rhbz#1822455
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1822455 - [abrt] lshw: std::__throw_length_error(): lshw killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1822455
--------------------------------------------------------------------------------
================================================================================
mkvtoolnix-45.0.0-1.fc30 (FEDORA-2020-be782412ee)
Matroska container manipulation utilities
--------------------------------------------------------------------------------
Update Information:
# Version 45.0.0 "Heaven in Pennies" 2020-04-04 ## New features and
enhancements * mkvmerge: mkvmerge has never supported appending & splitting
FLAC audio tracks. mkvmerge will now emit error messages when the user attempts
either instead of continuing and creating invalid FLAC tracks. * MKVToolNix GUI:
added an option in the preferences to turn on eliding text on tab headers. If
enabled, tab names will be shortened so that all tab headers fit into the
window's width. Implements #2768. * MKVToolNix GUI: added an option in the
preferences to disable all tooltips. * MKVToolNix GUI: multiplexer: if the file
identification fails due to a JSON parser error, the output generated by
`mkvmerge` will be output on `STDERR`) allowing insight into what's gone wrong.
* MKVToolNix GUI: multiplexer: if an error occurs during file identification,
the name of the processed file will be mentioned in the error message. *
MKVToolNix GUI: multiplexer: if an error occurs during identification of
multiple files, the GUI will ask the user whether to continue or abort the
identification process. Implements #2778. * MKVToolNix GUI: job queue: added an
option in the preferences for removing completed jobs when exiting the program
depending on their status. Implements #2769. ## Bug fixes * mkvmerge:
H.265/HEVC packetizer: fixed changing the NALU size length, it was using the
wrong offset into the `hevcC` structure. * mkvmerge: MP4 reader: fixed
calculating the duration of video tracks that only contain a single frame. Fixes
#2747. * mkvmerge: MP4 reader: if there's no frame offset table (`ctts` atom)
present for H.265/HEVC video tracks, mkvmerge will determine the timestamp order
itself instead of relying on the timestamps in the MP4 being in the presentation
order required by Matroska. Fixes #2777. * mkvpropedit: Windows: mkvpropedit
wasn't caching when reading the file to modify, slowing down operations such as
adding track statistics tags considerably. Fixes #2761. * MKVToolNix GUI:
multiplexer: when using the title as part of the destination file name (both
automatically as well as using the "copy title to destination file name"
function) all characters that aren't valid in a file name are replaced by
hyphens. * MKVToolNix GUI: multiplexer: the "copy title to destination file
name" function was broken when the "make file name unique" option in the
preferences was disabled. In that case the file base name was removed regardless
of what the title was set to at the time. * MKVToolNix GUI: multiplexer: when
adding Blu-ray playlists the GUI used to only look for the English version of
the disc library information (title & cover images). Now the GUI will present
all disc library entries in the "select playlist to add" dialog & let the
user
chose which one to use (if any). Fixes #2765. * MKVToolNix GUI: multiplexer,
info tool: fixed the "warn before overwriting" check wrt. jobs creating the
same
file. Fixes #2758.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 22 2020 Dominik Mierzejewski <rpm(a)greysector.net> - 45.0.0-1
- update to 45.0.0 (#1820902)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1820902 - mkvtoolnix-45.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1820902
--------------------------------------------------------------------------------
================================================================================
nginx-1.18.0-1.fc30 (FEDORA-2020-318ce3d301)
A high performance web server and reverse proxy server
--------------------------------------------------------------------------------
Update Information:
Update to 1.18.0 - Increased types_hash_max_size to 4096 in default config
(rhbz#1564878) - Add gpg source verification - Add Recommends: logrotate - Drop
location / from default config (rhbz#1564768) - Drop default_sever from default
config (rhbz#1373822)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 24 2020 Felix Kaechele <heffer(a)fedoraproject.org> - 1:1.18.0-1
- Update to 1.18.0
- Increased types_hash_max_size to 4096 in default config
- Add gpg source verification
- Add Recommends: logrotate
- Drop location / from default config (rhbz#1564768)
- Drop default_sever from default config (rhbz#1373822)
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:1.16.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Sun Sep 15 2019 Warren Togami <warren(a)blockstream.com>
- add conditionals for EPEL7, see rhbz#1750857
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1373822 - wrong config option, default_server in nginx.conf
https://bugzilla.redhat.com/show_bug.cgi?id=1373822
[ 2 ] Bug #1564768 - Please do not include "location / {" in default
nginx.conf
https://bugzilla.redhat.com/show_bug.cgi?id=1564768
[ 3 ] Bug #1564878 - NGINX: could not build optimal types_hash, you should increase
either types_hash_max_size
https://bugzilla.redhat.com/show_bug.cgi?id=1564878
--------------------------------------------------------------------------------
================================================================================
nomacs-3.14.2-1.fc30 (FEDORA-2020-402f3e54cb)
Lightweight image viewer
--------------------------------------------------------------------------------
Update Information:
Version bump
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 23 2020 TI_Eugene <ti.eugene(a)gmail.com> 3.14.2-1
- Version bump
* Sat Mar 14 2020 TI_Eugene <ti.eugene(a)gmail.com> 3.14-1
- Version bump
- All patches removed
- lena.jpg workaround removed
* Fri Mar 6 2020 Nicolas Chauvet <kwizart(a)gmail.com> - 3.12-7
- Rebuilt for opencv-4.2
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.12-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Tue Jan 28 2020 Nicolas Chauvet <kwizart(a)gmail.com> - 3.12-5
- Rebuild for OpenCV 4.2
* Mon Jan 27 2020 Nicolas Chauvet <kwizart(a)gmail.com> - 3.12-4
- Add patch for OpenCV 4.2
* Sun Dec 29 2019 Nicolas Chauvet <kwizart(a)gmail.com> - 3.12-3
- Rebuilt for opencv4
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.12-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
openssl-1.1.1g-1.fc30 (FEDORA-2020-da2d1ef2d7)
Utilities from the general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:
Update to version 1.1.1g from upstream fixing possible remote DoS security
issue.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 23 2020 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1g-1
- update to the 1.1.1g release
* Tue Apr 7 2020 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1f-1
- update to the 1.1.1f release
* Thu Mar 26 2020 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1e-2
- revert the unexpected EOF error reporting change as it is
too disruptive for the stable release branch
* Fri Mar 20 2020 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1e-1
- update to the 1.1.1e release
- add selftest of the RAND_DRBG implementation
- fix incorrect error return value from FIPS_selftest_dsa
* Mon Feb 17 2020 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1d-7
- apply Intel CET support patches by hjl (#1788699)
* Wed Jan 29 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:1.1.1d-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Nov 21 2019 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1d-5
- allow zero length parameters in KDF_CTX_ctrl()
* Thu Nov 14 2019 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1d-4
- backport of SSKDF from master
* Wed Nov 13 2019 Tom���� Mr��z <tmraz(a)redhat.com> 1.1.1d-3
- backport of KBKDF and KRB5KDF from master
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1781004 - CVE-2019-1551 openssl: Integer overflow in RSAZ modular
exponentiation on x86_64 [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1781004
[ 2 ] Bug #1814314 - openssl-1.1.1g is available
https://bugzilla.redhat.com/show_bug.cgi?id=1814314
[ 3 ] Bug #1826338 - CVE-2020-1967 openssl: Segmentation fault in SSL_check_chain causes
denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1826338
[ 4 ] Bug #1827149 - Please provide openssl 1.1.1g
https://bugzilla.redhat.com/show_bug.cgi?id=1827149
--------------------------------------------------------------------------------
================================================================================
openvpn-2.4.9-1.fc30 (FEDORA-2020-969414e05b)
A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream OpenVPN 2.4.9 release. It contains a security fix for
CVE-2020-11810. This security issue is quite hard to abuse, requiring a fairly
precise timing attack combined with guessing a just assigned peer-id reference.
If successful, only a single client just initiating a new connection will
experience a denial of service situation. This wi why the severity is rated
low.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 19 2020 David Sommerseth <dazo(a)eurephia.org> - 2.4.9-1
- Update to upstream OpenVPN 2.4.9
--------------------------------------------------------------------------------
================================================================================
phpunit8-8.5.4-1.fc30 (FEDORA-2020-eb56fe4091)
The PHP Unit Testing framework version 8
--------------------------------------------------------------------------------
Update Information:
**Version 8.5.4** - 2020-04-23 **Changed** * Changed how
`PHPUnit\TextUI\Command` passes warnings to `PHPUnit\TextUI\TestRunner`
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 23 2020 Remi Collet <remi(a)remirepo.net> - 8.5.4-1
- update to 8.5.4
--------------------------------------------------------------------------------
================================================================================
pkcs11-helper-1.22-10.fc30 (FEDORA-2020-bd3a78919a)
A library for using PKCS#11 providers
--------------------------------------------------------------------------------
Update Information:
Fix serialisation of attributes with NUL bytes in (#1825496)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 24 2020 David Woodhouse <dwmw2(a)infradead.org> - 1.22-10
- Fix serialisation of attributes with NUL bytes in (#1825496)
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.22-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.22-8
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1825496 - Invalid serialization of rfc7512 URI
https://bugzilla.redhat.com/show_bug.cgi?id=1825496
--------------------------------------------------------------------------------
================================================================================
pxz-4.999.9-19.beta.20200421git.fc30 (FEDORA-2020-c9eb911737)
Parallel LZMA compressor using XZ
--------------------------------------------------------------------------------
Update Information:
- Update to GIT 20200421 - Added patch against race condition in setting
permissions on output file (#1182024) - Added patch to revert environment
redirect allowing `export XZ_OPT="-9"` or similar
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 21 2020 Robert Scheck <robert(a)fedoraproject.org>
4.999.9-19.beta.20200421git
- Update to GIT 20200421
- Added patch against race condition in setting permissions on output file (#1182024)
- Added patch to revert environment redirect allowing 'export
XZ_OPT="-9"' or similar
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> -
4.999.9-18.beta.20120930git
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> -
4.999.9-17.beta.20120930git
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1182024 - CVE-2015-1200 pxz: race condition in setting permissions on output
file
https://bugzilla.redhat.com/show_bug.cgi?id=1182024
--------------------------------------------------------------------------------
================================================================================
pyproject-rpm-macros-0-14.fc30 (FEDORA-2020-0f078e7280)
RPM macros for PEP 517 Python packages
--------------------------------------------------------------------------------
Update Information:
Workaround problems with debugsource packages in pyproject-rpm-macros.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 15 2020 Patrik Kopkan <pkopkan(a)redhat.com> - 0-14
- Add %pyproject_save_file macro for generating file section
- Handle extracting debuginfo from extension modules (#1806625)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1806625 - Empty debugsourcefiles.list when using %pyproject_wheel/install
with extension modules
https://bugzilla.redhat.com/show_bug.cgi?id=1806625
--------------------------------------------------------------------------------
================================================================================
python-cups-2.0.1-1.fc30 (FEDORA-2020-97c0a53592)
Python bindings for CUPS
--------------------------------------------------------------------------------
Update Information:
2.0.1, fixes #1816107
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 24 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 2.0.1-1
- 2.0.1, fixes #1816107
* Mon Mar 16 2020 Zdenek Dohnal <zdohnal(a)redhat.com> - 1.9.74-7
- use __python macro for calling pydoc
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9.74-6
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Aug 19 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 1.9.74-5
- Rebuilt for Python 3.8
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.9.74-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-pip-19.0.3-7.fc30 (FEDORA-2020-0f078e7280)
A tool for installing and managing Python packages
--------------------------------------------------------------------------------
Update Information:
Workaround problems with debugsource packages in pyproject-rpm-macros.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 10 2020 Miro Hron��ok <mhroncok(a)redhat.com> - 19.0.3-7
- Allow setting $TMPDIR to $PWD/... during pip wheel (#1806625)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1806625 - Empty debugsourcefiles.list when using %pyproject_wheel/install
with extension modules
https://bugzilla.redhat.com/show_bug.cgi?id=1806625
--------------------------------------------------------------------------------
================================================================================
python-ptrace-0.9.5-1.fc30 (FEDORA-2020-869a4f3c88)
Debugger using ptrace written in Python
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream python-ptrace 0.9.5.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 18 2020 Terje Rosten <terje.rosten(a)ntnu.no> - 0.9.5-1
- 0.9.5
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.4-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Oct 3 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 0.9.4-4
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Mon Aug 19 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 0.9.4-3
- Rebuilt for Python 3.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1823328 - python-ptrace-0.9.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1823328
--------------------------------------------------------------------------------
================================================================================
python-wikitcms-2.5.2-1.fc30 (FEDORA-2020-c58af2cdfb)
Fedora QA wiki test management Python library
--------------------------------------------------------------------------------
Update Information:
This update provides a new release of python-wikitcms, with a single bug fix, to
correctly parse 'test names' that are not link targets and contain spaces.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 23 2020 Adam Williamson <awilliam(a)redhat.com> - 2.5.2-1
- New release 2.5.2: fix parsing test names with spaces
* Thu Jan 30 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.5.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
quiterss-0.19.4-1.fc30 (FEDORA-2020-6853271028)
RSS/Atom aggregator
--------------------------------------------------------------------------------
Update Information:
Version bump
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 23 2020 TI_Eugene <ti.eugene(a)gmail.com> - 0.19.4-1
- Version bump
--------------------------------------------------------------------------------
================================================================================
rubygem-json-2.2.0-202.fc30 (FEDORA-2020-d171bf636d)
A JSON implementation in Ruby
--------------------------------------------------------------------------------
Update Information:
A security flaw was found on rubygem-json prior to 2.3.0 which was now assigned
as CVE-2020-10663. This new rpm contains backport fixes for this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 25 2020 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 2.2.0-202
- Backport fix for CVE-2020-10663 from 2.3.0 (bug 1827500)
* Fri Jul 26 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.2.0-201
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1827501 - CVE-2020-10663 rubygem-json: Unsafe Object Creation Vulnerability
in JSON [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1827501
--------------------------------------------------------------------------------
================================================================================
tomcat-9.0.34-1.fc30 (FEDORA-2020-88155427c0)
Apache Servlet/JSP Engine, RI for Servlet 4.0/JSP 2.3 API
--------------------------------------------------------------------------------
Update Information:
Updating to Tomcat 9.0.34.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 21 2020 Coty Sutherland <csutherl(a)redhat.com> - 1:9.0.34-1
- Update to 9.0.34
- Update dependency for ECJ to version 4.11
--------------------------------------------------------------------------------
================================================================================
trustedqsl-2.5.3-1.fc30 (FEDORA-2020-a3b9aa6634)
Tool for digitally signing Amateur Radio QSO records
--------------------------------------------------------------------------------
Update Information:
Defects Corrected: * Properly limit the length of callsigns. * Select the
proper callsign for stations with calls used from multiple entities. * Allow
leading zeroes in the values for CQ Zone (MY_CQZ) and ITU Zone (MY_ITUZ). * Fix
the reporting when a callsign certificate is not available for a callsign
specified in a log to state that it���s a missing callsign certificate, not a date
range issue. Major feature Additions: * Report on more ADIF errors ��� badly
spelled counties, incorrect counties (���NY,Boston���) Minor Updates: * Ignore
leading and trailing whitespace in ADIF values. * Ignore callsign fields
(OPERATOR, STATION_CALLSIGN, OPERATOR_CALLSIGN) in ADIF files to work around
defective logging programs. * When a Station Location has empty values, use the
QTH details from the log being signed.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 23 2020 Richard Shaw <hobbes1069(a)gmail.com> - 2.5.3-1
- Update to 2.5.3.
* Wed Apr 8 2020 Richard Shaw <hobbes1069(a)gmail.com> - 2.5.2-1
- Update to 2.5.2.
* Fri Jan 31 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.5.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
twa-1.9.1-1.fc30 (FEDORA-2020-bb75ac173a)
Tiny web auditor with strong opinions
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release (v.1.9.1)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 24 2020 Artur Iwicki <fedora(a)svgames.pl> - 1.9.1-1
- Update to latest upstream release
--------------------------------------------------------------------------------
================================================================================
xfce4-whiskermenu-plugin-2.4.4-1.fc30 (FEDORA-2020-30e7a623d9)
An alternate application launcher for Xfce
--------------------------------------------------------------------------------
Update Information:
- Update to 2.4.4
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 22 2020 Filipe Rosset <rosset.filipe(a)gmail.com> - 2.4.4-1
- Update to 2.4.4
* Sun Mar 15 2020 Filipe Rosset <rosset.filipe(a)gmail.com> - 2.4.3-1
- Update to 2.4.3
* Sun Feb 16 2020 Filipe Rosset <rosset.filipe(a)gmail.com> - 2.4.2-1
- Update to 2.4.2
* Thu Feb 13 2020 Filipe Rosset <rosset.filipe(a)gmail.com> - 2.4.1-1
- Update to 2.4.1
* Mon Feb 10 2020 Filipe Rosset <rosset.filipe(a)gmail.com> - 2.4.0-1
- Update to 2.4.0 fixes rhbz#1801462
* Fri Jan 31 2020 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.3.5-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
--------------------------------------------------------------------------------