The following Fedora 29 Security updates need testing:
Age URL
5
https://bodhi.fedoraproject.org/updates/FEDORA-2018-51ce232320
xerces-c27-2.7.0-28.fc29
4
https://bodhi.fedoraproject.org/updates/FEDORA-2018-847fe2ed61
clamav-0.100.2-2.fc29
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-a0d22c2a21
strongswan-5.7.1-1.fc29
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-39be36e9fc
chromium-69.0.3497.100-1.fc29
The following Fedora 29 Critical Path updates have yet to be approved:
Age URL
28
https://bodhi.fedoraproject.org/updates/FEDORA-2018-7a207f18aa sudo-1.8.25-1.fc29
17
https://bodhi.fedoraproject.org/updates/FEDORA-2018-ef00d2196a
libguestfs-1.39.11-1.fc29
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d610e2461a
python-blivet-3.1.1-2.fc29
1
https://bodhi.fedoraproject.org/updates/FEDORA-2018-e204a15424
xfce4-settings-4.13.5-1.fc29
The following builds have been pushed to Fedora 29 updates-testing
CGAL-4.13-1.fc29
ansible-2.7.0-1.fc29
audiofile-0.3.6-21.fc29
brightlight-7-1.fc29
containers-0.8.0-3.alpha.9.fc29
dnf-3.6.1-2.fc29
dsymbol-0.4.3-2.fc29
firefox-62.0.3-2.fc29
gdal-2.3.2-1.fc29
getdns-1.4.2-4.fc29
gnome-remote-desktop-0.1.6-2.fc29
golang-github-cznic-ql-1.2.0-2.fc29
homebank-5.2.2-1.fc29
ibus-table-1.9.21-2.fc29
ibus-typing-booster-2.1.3-1.fc29
iio-sensor-proxy-2.5-1.fc29
intel-gmmlib-18.3.0-1.fc29
libdparse-0.9.9-2.fc29
mod_http2-1.11.1-1.fc29
netresolve-0.0.1-0.22.20160317git.fc29
openscap-1.3.0-1.fc29
openvswitch-2.10.0-1.fc29
pagure-5.1.1-1.fc29
perl-Catalyst-Runtime-5.90119-1.fc29
phan-1.1.0-1.fc29
python-dogpile-cache-0.6.7-1.fc29
python-paramiko-2.4.2-1.fc29
python-pocketlint-0.18-1.fc29
rpkg-1.56-2.fc29
rtkit-0.11-20.fc29
rubygem-liquid-4.0.1-1.fc29
rubygem-nokogiri-1.8.5-1.fc29
scorep-4.0-1.fc29
switchboard-2.3.4-1.fc29
thunderbird-60.2.1-2.fc29
unbound-1.8.1-1.fc29
Details about builds:
================================================================================
CGAL-4.13-1.fc29 (FEDORA-2018-358490c598)
Computational Geometry Algorithms Library
--------------------------------------------------------------------------------
Update Information:
New upstream release: CGAL-4.13. See the [release notes]. [release notes]:
https://github.com/CGAL/cgal/releases/tag/releases%2FCGAL-4.13
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 9 2018 Laurent Rineau <lrineau@bonnard> - 4.13-1
- New upstream version
- Add `CGAL_DO_NOT_WARN_ABOUT_CMAKE_BUILD_TYPE` in the CMake
configuration, to suppress a warning.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1572004 - CGAL-4.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1572004
--------------------------------------------------------------------------------
================================================================================
ansible-2.7.0-1.fc29 (FEDORA-2018-87a45b4c9f)
SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:
Update to 2.7.0.
https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v...
for for info
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 4 2018 Kevin Fenzi <kevin(a)scrye.com> - 2.7.0-1
- Update to 2.7.0
--------------------------------------------------------------------------------
================================================================================
audiofile-0.3.6-21.fc29 (FEDORA-2018-3058a87e60)
Library for accessing various audio file formats
--------------------------------------------------------------------------------
Update Information:
Fixes for CVE-2018-13440 and CVE-2018-17095.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 9 2018 Gwyn Ciesla <limburgher(a)gmail.com> - 1:0.3.6-21
- Fixes for CVE-2018-13440.
* Tue Oct 9 2018 Gwyn Ciesla <limburgher(a)gmail.com> - 1:0.3.6-20
- Fix for CVE-2018-17095.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1600368 - CVE-2018-13440 audiofile: NULL pointer dereference in
modules/ModuleState.cpp:ModuleState::setup() allows for denial of service via crafted file
[fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1600368
[ 2 ] Bug #1631089 - CVE-2018-17095 audiofile: Heap-based buffer overflow in
Expand3To4Module::run when running sfconvert [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1631089
--------------------------------------------------------------------------------
================================================================================
brightlight-7-1.fc29 (FEDORA-2018-73a798910e)
CLI tool to change screen back-light brightness
--------------------------------------------------------------------------------
Update Information:
Upgrade to upstream major release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 9 2018 Justin W. Flory <jwf(a)fedoraproject.org> - 7-1
- Upgrade to upstream major release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1637228 - brightlight-7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1637228
--------------------------------------------------------------------------------
================================================================================
containers-0.8.0-3.alpha.9.fc29 (FEDORA-2018-2f24a84296)
Efficient library to use collection in D
--------------------------------------------------------------------------------
Update Information:
Add stdx-allocator as build requirement
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1613571 - Review Request: containers - Efficient library to use collection in
D
https://bugzilla.redhat.com/show_bug.cgi?id=1613571
--------------------------------------------------------------------------------
================================================================================
dnf-3.6.1-2.fc29 (FEDORA-2018-3a17006b01)
Package manager
--------------------------------------------------------------------------------
Update Information:
Backport fixes for RHBZ#1616118 from upstream master.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 9 2018 Adam Williamson <awilliam(a)redhat.com> - 3.6.1-2
- Backport fixes for RHBZ#1616118 from upstream master
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1616118 - DNF update fails with "cannot install the best update
candidate for package"
https://bugzilla.redhat.com/show_bug.cgi?id=1616118
--------------------------------------------------------------------------------
================================================================================
dsymbol-0.4.3-2.fc29 (FEDORA-2018-97b547bac8)
Symbol lookup support for libdparse
--------------------------------------------------------------------------------
Update Information:
Apply Robert-Andr�� Mauchin fix
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1613573 - Review Request: dsymbol - Symbol lookup support for libdparse
https://bugzilla.redhat.com/show_bug.cgi?id=1613573
--------------------------------------------------------------------------------
================================================================================
firefox-62.0.3-2.fc29 (FEDORA-2018-3b31c7151b)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:
- Improved Firefox Wayland experience - Added PipeWire patch for Wayland desktop
sharing
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 8 2018 Martin Stransky <stransky(a)redhat.com> - 62.0.3-2
- Added pipewire patch (mozbz#1496359)
- Added Wayland patches from Firefox 63
- Enable Wayland backed by default on Fedora 30
--------------------------------------------------------------------------------
================================================================================
gdal-2.3.2-1.fc29 (FEDORA-2018-3119a06646)
GIS file format library
--------------------------------------------------------------------------------
Update Information:
https://trac.osgeo.org/gdal/wiki/Release/2.3.2-News
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 1 2018 Volker Fr��hlich <volker27(a)gmx.at> - 2.3.2-1
- New upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1618879 - gdal: Heap-buffer-overflow in GTiffOddBitsBand::IReadBlock
https://bugzilla.redhat.com/show_bug.cgi?id=1618879
[ 2 ] Bug #1618544 - gdal: Heap-buffer-overflow in NITFRasterBand::Unpack
https://bugzilla.redhat.com/show_bug.cgi?id=1618544
[ 3 ] Bug #1618885 - gdal: Index-out-of-bounds in CPLErrorSetState
https://bugzilla.redhat.com/show_bug.cgi?id=1618885
--------------------------------------------------------------------------------
================================================================================
getdns-1.4.2-4.fc29 (FEDORA-2018-7be27ff1d8)
Modern asynchronous API to the DNS
--------------------------------------------------------------------------------
Update Information:
New unbound release fixes several issues. - Changes libunbound soname, rebuilds
dependent packages.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 9 2018 Petr Men����k <pemensik(a)redhat.com> - 1.4.2-4
- Rebuilt for unbound 1.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1637387 - Cannot install gnutls-dane in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1637387
[ 2 ] Bug #1633874 - Request to incorporate fix for forwarding without ipv6
connectivity
https://bugzilla.redhat.com/show_bug.cgi?id=1633874
[ 3 ] Bug #1562594 - Unbound 1.7.0 crashes with a buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1562594
--------------------------------------------------------------------------------
================================================================================
gnome-remote-desktop-0.1.6-2.fc29 (FEDORA-2018-26144a9b4d)
GNOME Remote Desktop screen share service
--------------------------------------------------------------------------------
Update Information:
Crash fix when PipeWire disconnects.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 2 2018 Jonas ��dahl <jadahl(a)redhat.com> - 0.1.6-2
- Don't crash when PipeWire disconnects (rhbz#1632781)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1632781 - [abrt] gnome-remote-desktop: grd_session_vnc_stop():
gnome-remote-desktop-daemon killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1632781
--------------------------------------------------------------------------------
================================================================================
golang-github-cznic-ql-1.2.0-2.fc29 (FEDORA-2018-615bbb8d13)
Embedded SQL database written in Go
--------------------------------------------------------------------------------
Update Information:
Added two upstream patches to fix issues (nil dereferences etc.).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 9 2018 Fabio Valentini <decathorpe(a)gmail.com> - 1.2.0-2
- Fix some bugs (nil dereference, etc.) by including upstream patches.
--------------------------------------------------------------------------------
================================================================================
homebank-5.2.2-1.fc29 (FEDORA-2018-8cb7d7d654)
Free easy personal accounting for all
--------------------------------------------------------------------------------
Update Information:
- Update to new upstream version 5.2.2 - Complete changelog here
http://homebank.free.fr/ChangeLog
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 9 2018 Filipe Rosset <rosset.filipe(a)gmail.com> - 5.2.2-1
- Update to new upstream version 5.2.2
- Complete changelog here
http://homebank.free.fr/ChangeLog
--------------------------------------------------------------------------------
================================================================================
ibus-table-1.9.21-2.fc29 (FEDORA-2018-9bcdb40f21)
The Table engine for IBus platform
--------------------------------------------------------------------------------
Update Information:
Require the Python interpreter directly instead of using the package name
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 9 2018 Mike FABIAN <mfabian(a)redhat.com> - 1.9.21-2
- Require the Python interpreter directly instead of using the package name
- Related: rhbz#1619153
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1619153 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1619153
--------------------------------------------------------------------------------
================================================================================
ibus-typing-booster-2.1.3-1.fc29 (FEDORA-2018-325eb76226)
A completion input method
--------------------------------------------------------------------------------
Update Information:
Require the Python interpreter directly instead of using the package name
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1619153 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1619153
--------------------------------------------------------------------------------
================================================================================
iio-sensor-proxy-2.5-1.fc29 (FEDORA-2018-ea93149b97)
IIO accelerometer sensor to input device proxy
--------------------------------------------------------------------------------
Update Information:
This releases fixes a number of build warnings and bugs, as well as ensuring
that some devices have non-0 update frequencies, and that the sensor scale is
set to 1.0 when the device does not export one.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 9 2018 Bastien Nocera <bnocera(a)redhat.com> - 2.5-1
+ iio-sensor-proxy-2.5-1
- Update to 2.5
--------------------------------------------------------------------------------
================================================================================
intel-gmmlib-18.3.0-1.fc29 (FEDORA-2018-f32d8277fb)
Intel Graphics Memory Management Library
--------------------------------------------------------------------------------
Update Information:
This package is needed for the new intel-media-driver vaapi backend
https://bugzilla.rpmfusion.org/show_bug.cgi?id=5045
--------------------------------------------------------------------------------
================================================================================
libdparse-0.9.9-2.fc29 (FEDORA-2018-c0b4de3712)
Library for lexing and parsing D source code
--------------------------------------------------------------------------------
Update Information:
Apply Robert-Andr�� Mauchin fix
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1613572 - Review Request: libdparse - Library for lexing and parsing D
source code
https://bugzilla.redhat.com/show_bug.cgi?id=1613572
--------------------------------------------------------------------------------
================================================================================
mod_http2-1.11.1-1.fc29 (FEDORA-2018-9cdbb641f9)
module implementing HTTP/2 for Apache 2
--------------------------------------------------------------------------------
Update Information:
Security update for CVE-2018-11763
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 5 2018 Lubo�� Uhliarik <luhliari(a)redhat.com> - 1.11.1-1
- new version 1.11.1 (CVE-2018-11763)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1633400 - CVE-2018-11763 mod_http2: httpd: DoS for HTTP/2 connections by
continuous SETTINGS [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1633400
--------------------------------------------------------------------------------
================================================================================
netresolve-0.0.1-0.22.20160317git.fc29 (FEDORA-2018-7be27ff1d8)
Generic name resolution library
--------------------------------------------------------------------------------
Update Information:
New unbound release fixes several issues. - Changes libunbound soname, rebuilds
dependent packages.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 8 2018 Petr Men����k <pemensik(a)redhat.com> - 0.0.1-0.22.20160317git
- Rebuilt for unbound 1.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1637387 - Cannot install gnutls-dane in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1637387
[ 2 ] Bug #1633874 - Request to incorporate fix for forwarding without ipv6
connectivity
https://bugzilla.redhat.com/show_bug.cgi?id=1633874
[ 3 ] Bug #1562594 - Unbound 1.7.0 crashes with a buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1562594
--------------------------------------------------------------------------------
================================================================================
openscap-1.3.0-1.fc29 (FEDORA-2018-93df1fbf1b)
Set of open source libraries enabling integration of the SCAP line of standards
--------------------------------------------------------------------------------
Update Information:
- New features - Introduced a virtual '(all)' profile selecting all rules
- Verbose mode is a global option in all modules - Added Microsoft Windows
CPEs - oscap-ssh can supply SSH options into an environment variable -
Maintenance - Removed SEXP parser - Added Fedora 30 CPE - Fixed many
Coverity defects (memory leaks etc.) - SCE builds are enabled by default
- Moved many low-level functions out of public API - Removed unused and dead
code - Updated manual pages - Numerous small fixes
--------------------------------------------------------------------------------
================================================================================
openvswitch-2.10.0-1.fc29 (FEDORA-2018-06116a0f7f)
Open vSwitch daemon/database/utilities
--------------------------------------------------------------------------------
Update Information:
Updating to OVS 2.10 also fixes CVE-2018-17204, CVE-2018-17205 and
CVE-2018-17206
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 5 2018 Timothy Redaelli <tredaelli(a)redhat.com> - 2.10.0-1
- Align with "Fast Datapath" 2.10.0-10 (#1633555)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1633555 - Open vSwitch 2.10 package missing in Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=1633555
--------------------------------------------------------------------------------
================================================================================
pagure-5.1.1-1.fc29 (FEDORA-2018-f9e902b345)
A git-centered forge
--------------------------------------------------------------------------------
Update Information:
Update to 5.1.1 to fix various issues discovered post 5.0 release.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 9 2018 Neal Gompa <ngompa13(a)gmail.com> - 5.1.1-1
- Update to 5.1.1 (RH#1637595)
* Tue Oct 9 2018 Neal Gompa <ngompa13(a)gmail.com> - 5.1-1
- Update to 5.1 (RH#1637516)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1637516 - pagure-5.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1637516
[ 2 ] Bug #1637595 - pagure-5.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1637595
--------------------------------------------------------------------------------
================================================================================
perl-Catalyst-Runtime-5.90119-1.fc29 (FEDORA-2018-574ad69e10)
Catalyst Framework Runtime
--------------------------------------------------------------------------------
Update Information:
Updated to the latest version; Fix test for changes in MooseX::Getopt 0.73
(RT#127050)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Sep 30 2018 Emmanuel Seyman <emmanuel(a)seyman.fr> - 5.90119-1
- Update to 5.90119
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1632294 - perl-Catalyst-Runtime-5.90119 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1632294
--------------------------------------------------------------------------------
================================================================================
phan-1.1.0-1.fc29 (FEDORA-2018-d5965904f1)
A static analyzer for PHP
--------------------------------------------------------------------------------
Update Information:
08 Oct 2018, **Phan 1.1.0** Maintenance: + Work on making this compatible with
`php-ast` 1.0.0dev. (#2038) (Phan continues to support php-ast 0.1.5 and
newer). Remove dead code (such as helper functions and references to constants)
that aren't needed when using AST version 50 (which Phan uses). Some plugins
may be affected if they call these helper methods or use those constants when
the shim is used. Bug fixes: + Fix a crash parsing an empty `shell\_exec`
shorthand string when using the fallback parser (i.e. two backticks in a row) +
Fix a false positive `PhanUnusedVariable` warning about a variable declared
prior to a do/while loop (#2026) ---- 02 Oct 2018, **Phan 1.0.7** New
features(Analysis): * Support the (int|string)[] syntax of union types
(union of multiple types converted to an array) in PHPDoc (#2008) e.g. @param
(int|string)[] $paramName, @return (int|string)[] * Support spaces after
commas in array shapes (#1966) * Emit warnings when using non-strings as
dynamic method names (e.g. $o->{$notAString}()) New issue types:
PhanTypeInvalidMethodName, PhanTypeInvalidStaticMethodName,
PhanTypeInvalidCallableMethodName Plugins: * In HasPHPDocPlugin, use a more
compact representation to show what Phan sees from the raw doc comment. * In
HasPHPDocPlugin, warn about global functions without extractable PHPDoc
summaries. New issue types: PhanPluginNoCommentOnFunction,
PhanPluginDescriptionlessCommentOnFunction * In HasPHPDocPlugin, warn about
methods without extractable PHPDoc summaries. New issue types:
PhanPluginNoCommentOn*Method, PhanPluginDescriptionlessCommentOn*Method.
These can be suppressed based on the method FQSEN with plugin_config => [...,
'has_phpdoc_method_ignore_regex' => (a PCRE regex)] (e.g. to suppress issues
about tests, or about missing documentation about getters and setters, etc.)
Bug fixes: * Fix false positive PhanUnusedVariable for variables declared
before break/continue that are used after the loop. (#1985) * Properly emit
PhanUnusedVariable for variables where definitions are shadowed by definitions
in branches and/or loops. (#2012) * Properly emit PhanUnusedVariable for
variables which are redefined in a 'do while' loop. * Be more consistent
about emitting PhanUnusedVariableCaughtException when exception variable names
are reused later on. * Fix a crash when parsing @method annotations with many
parameters (#2019) ---- 25 Sep 2018, **Phan 1.0.6** New features: + Be more
consistent about warning about undeclared properties in some edge cases. New
issue types: `PhanUndeclaredClassProperty`, `PhanUndeclaredClassStaticProperty`
Maintenance: + Restore test files in future published releases' **git tags**
(#1986) (But exclude them from the zip/tar archives published on GitHub
Releases) - When `--prefer-dist` (the default) is used in composer to
download a stable release, the test files will not be part of the downloaded
files. Language Server/Daemon mode: + Add support for code completion
suggestions. (#1706). This can be enabled by passing `--language-server-enable-
completion`. This will complete references to the following element types:
- variable names (using superglobals and local variables that have been declared
in the scope) - global constants, global functions, and class names. -
class constants, instance and static properties, and instance and static method
names. NOTE: If you are completing from the empty string (e.g. immediately
after `->` or `::`), Phan may interpret the next word token (e.g. on the next
line) as the property/constant name/etc. to complete, due to the nature of the
parser used (The cursor position doesn't affect the parsing logic). -
Completion requests before tokens that can't be treated that way will not cause
that problem. (such as `}`, `;`, `)`, the end of the file, etc.) Bug fixes:
+ Fix various uncaught errors in Phan that occurred when parsing invalid ASTs.
Instead of crashing, warn about the bug or invalid AST. New issue types:
`PhanInvalidConstantFQSEN`, PhanContextNotObjectUsingSelf`,
`PhanInvalidTraitUse` (for unparseable trait uses) ---- 21 Sep 2018, **Phan
1.0.5** New Features (Analysis) + Warn if a PHPDoc annotation for an
element(`@param`, `@method`, or `@property*`) is repeated. (#1963) New issue
types: `PhanCommentDuplicateMagicMethod`, `PhanCommentDuplicateMagicProperty`,
`PhanCommentDuplicateParam` + Add basic support for `extract()` (#1978) +
Improve line numbers for warnings about `@param` and `@return` annotations
(#1369) Maintenance: + Make `ext-ast` a suggested composer dependency instead
of a required composer dependency (#1981) `--use-fallback-parser` allows Phan
to analyze files even when php-ast is not installed or enabled. + Remove test
files from future published releases (#1982) Plugins: + Properly warn about
code after `break` and `continue` in `UnreachableCodePlugin`. Previously, Phan
only warned about code after `throw` and `return`. Bug fixes: + Don't infer
bad types for variables when analyzing `array_push` using expressions containing
those variables. (#1955) (also fixes other `array_*` functions taking
references) + Fix false negatives in PHP5 backwards compatibility heuristic
checks (#1939) + Fix false positive `PhanUnanalyzableInheritance` for a method
inherited from a trait (which itself uses trait) (#1968) + Fix an uncaught
`RuntimeException` when type checking an array that was roughly 12 or more
levels deep (#1962) + Improve checks of the return type of magic methods against
methods inherited from ancestor classes (#1975) Don't emit a false positive
`PhanParamSignaturePHPDocMismatchReturnType` Language Server/Daemon mode: +
Fix an uncaught exception when extracting a URL with an unexpected scheme (not
`file:/...`) (#1960) + Fix false positive `PhanUnreferencedUseNormal` issues
seen when the daemon was running without pcntl (#1860)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 9 2018 Remi Collet <remi(a)remirepo.net> - 1.1.0-1
- update to 1.1.0
* Wed Oct 3 2018 Remi Collet <remi(a)remirepo.net> - 1.0.7-1
- update to 1.0.7
- raise dependency on microsoft/tolerant-php-parser 0.0.13
- php-ast is optional
* Wed Sep 26 2018 Remi Collet <remi(a)remirepo.net> - 1.0.6-1
- update to 1.0.6
- sources from git snapshot
* Sat Sep 22 2018 Remi Collet <remi(a)remirepo.net> - 1.0.5-1
- update to 1.0.5
- open
https://github.com/phan/phan/issues/1986 keep the tests
- keep ast mandatory despite it is now optional
--------------------------------------------------------------------------------
================================================================================
python-dogpile-cache-0.6.7-1.fc29 (FEDORA-2018-448761de6c)
A caching front-end based on the Dogpile lock
--------------------------------------------------------------------------------
Update Information:
Update to [0.6.7](https://dogpilecache.readthedocs.io/en/latest/changelog.html#c
hange-0.6.7) (rhbz#1609253).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 9 2018 Randy Barlow <bowlofeggs(a)fedoraproject.org> - 0.6.7-1
- Update to 0.6.7 (#1609253).
-
https://dogpilecache.readthedocs.io/en/latest/changelog.html#change-0.6.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1609253 - python-dogpile-cache-0.6.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1609253
--------------------------------------------------------------------------------
================================================================================
python-paramiko-2.4.2-1.fc29 (FEDORA-2018-ea6b328afd)
SSH2 protocol library for python
--------------------------------------------------------------------------------
Update Information:
Python Paramiko versions 2.3.2 and 2.4.1 are vulnerable to an authentication
bypass in `paramiko/auth_handler.py`. A remote attacker could exploit this
vulnerability in Paramiko SSH servers to execute arbitrary code. Note that
applications using Paramiko only as a client (such as ansible) are not affected
by this. There is also an additional fix preventing `MSG_UNIMPLEMENTED`
feedback loops that could manifest when both ends of a connection are Paramiko-
based.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 9 2018 Paul Howarth <paul(a)city-fan.org> - 2.4.2-1
- Update to 2.4.2
- Fix exploit (GH#1283, CVE-2018-1000805) in Paramiko���s server mode (not
client mode) where hostile clients could trick the server into thinking
they were authenticated without actually submitting valid authentication
- Modify protocol message handling such that Transport does not respond to
MSG_UNIMPLEMENTED with its own MSG_UNIMPLEMENTED; this behavior probably
didn���t cause any outright errors, but it doesn���t seem to conform to the
RFCs and could cause (non-infinite) feedback loops in some scenarios
(usually those involving Paramiko on both ends)
- Add *.pub files to the MANIFEST so distributed source packages contain
some necessary test assets (GH#1262)
- Test suite now requires mock ��� 2.0.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1637263 - CVE-2018-1000805 python-paramiko: Authentication bypass in
auth_handler.py
https://bugzilla.redhat.com/show_bug.cgi?id=1637263
--------------------------------------------------------------------------------
================================================================================
python-pocketlint-0.18-1.fc29 (FEDORA-2018-3568d3a402)
Support for running pylint against projects
--------------------------------------------------------------------------------
Update Information:
Change a way how pockelint starts pylint. Now it always starts pylint by the
same python executable which is used to start pocketlint. Thanks to this change
no further changes are required to adapt pocketlint to future pylint versions.
Add pocketlint to PyPi repository. So it can be also installed by pip now.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 9 2018 Jiri Konecny <jkonecny(a)redhat.com> - 0.18-1
- Use pylint from python which starts pocketlint (jkonecny)
- Remove python six package and its usage (jkonecny)
- Add polib to setup.py dependencies (jkonecny)
- Fix requires in setup.py (jkonecny)
- Add release-pypi target to Makefile (jkonecny)
- Add missing parts to setup.py (jkonecny)
--------------------------------------------------------------------------------
================================================================================
rpkg-1.56-2.fc29 (FEDORA-2018-7b2fa66518)
Python library for interacting with rpm+git
--------------------------------------------------------------------------------
Update Information:
Add patch from upstream pull-request to add a flatpak-build subcommand
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 7 2018 Owen Taylor <otaylor(a)redhat.com> - 1.56-2
- Add patch from upstream pull-request to add a flatpak-build subcommand
- Add PyYAML dependencies so that the spec file at least builds on epel6/epel7
--------------------------------------------------------------------------------
================================================================================
rtkit-0.11-20.fc29 (FEDORA-2018-66f441eb34)
Realtime Policy and Watchdog Daemon
--------------------------------------------------------------------------------
Update Information:
Fix linked bug.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 9 2018 Zbigniew J��drzejewski-Szmek <zbyszek(a)in.waw.pl> - 0.11-20
- Modernize a bit and fix BuildRequires (#1637496)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1637496 - "%systemd_post rtkit-daemon.service" found in postinstall
script
https://bugzilla.redhat.com/show_bug.cgi?id=1637496
--------------------------------------------------------------------------------
================================================================================
rubygem-liquid-4.0.1-1.fc29 (FEDORA-2018-3ca02cdfcc)
Secure, non-evaling end user template engine
--------------------------------------------------------------------------------
Update Information:
Update to version 4.0.1. Changes:
https://github.com/Shopify/liquid/compare/v4.0.0...v4.0.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 9 2018 Fabio Valentini <decathorpe(a)gmail.com> - 4.0.1-1
- Update to version 4.0.1.
--------------------------------------------------------------------------------
================================================================================
rubygem-nokogiri-1.8.5-1.fc29 (FEDORA-2018-a2ebf63307)
An HTML, XML, SAX, and Reader parser
--------------------------------------------------------------------------------
Update Information:
New version 1.8.5 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 9 2018 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 1.8.5-1
- 1.8.5
--------------------------------------------------------------------------------
================================================================================
scorep-4.0-1.fc29 (FEDORA-2018-0940501445)
Scalable Performance Measurement Infrastructure for Parallel Codes
--------------------------------------------------------------------------------
Update Information:
New major version, fixing FTBFS with cube4.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 25 2018 Dave Love <loveshack(a)fedoraproject.org> - 4.0-1
- New version (#1606317, #1574496); soname bump affects old binaries
- Remove bundled cubew, cubelib
- Account for _libdir being partially ignored
- Maybe BR gcc-plugin-devel
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1574496 - scorep-4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1574496
--------------------------------------------------------------------------------
================================================================================
switchboard-2.3.4-1.fc29 (FEDORA-2018-f4bfbd151a)
Modular Desktop Settings Hub
--------------------------------------------------------------------------------
Update Information:
Update to version 2.3.4. This update fixes broken translations that were
introduced with version 2.3.3. Release notes:
https://github.com/elementary/switchboard/releases/tag/2.3.4 --- Update to
version 2.3.3. Release notes:
https://github.com/elementary/switchboard/releases/tag/2.3.3
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 9 2018 Fabio Valentini <decathorpe(a)gmail.com> - 2.3.4-1
- Update to version 2.3.4.
* Fri Oct 5 2018 Fabio Valentini <decathorpe(a)gmail.com> - 2.3.3-1
- Update to version 2.3.3.
--------------------------------------------------------------------------------
================================================================================
thunderbird-60.2.1-2.fc29 (FEDORA-2018-3eed69eedc)
Mozilla Thunderbird mail/newsgroup client
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 3 2018 Jan Horak <jhorak(a)redhat.com> - 60.2.1-2
- Update to 60.2.1
- Added fix for rhbz#1546988
* Wed Aug 15 2018 Jan Horak <jhorak(a)redhat.com> - 60.0-1
- Update to 60.0
- Removing gdata-provider extension because it's no longer provided by Thunderbird
* Sat Jul 14 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 52.9.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jul 10 2018 Jan Horak <jhorak(a)redhat.com> - 52.9.1-1
- Update to 52.9.1
--------------------------------------------------------------------------------
================================================================================
unbound-1.8.1-1.fc29 (FEDORA-2018-7be27ff1d8)
Validating, recursive, and caching DNS(SEC) resolver
--------------------------------------------------------------------------------
Update Information:
New unbound release fixes several issues. - Changes libunbound soname, rebuilds
dependent packages.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 8 2018 Petr Men����k <pemensik(a)redhat.com> - 1.8.1-1
- Update to 1.8.1
* Mon Oct 1 2018 Petr Men����k <pemensik(a)redhat.com> - 1.8.0-2
- Skip ipv6 forwarders without ipv6 support (#1633874)
* Wed Sep 19 2018 Petr Men����k <pemensik(a)redhat.com> - 1.8.0-1
- Rebase to 1.8.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1637387 - Cannot install gnutls-dane in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1637387
[ 2 ] Bug #1633874 - Request to incorporate fix for forwarding without ipv6
connectivity
https://bugzilla.redhat.com/show_bug.cgi?id=1633874
[ 3 ] Bug #1562594 - Unbound 1.7.0 crashes with a buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=1562594
--------------------------------------------------------------------------------