The following Fedora 35 Security updates need testing:
Age URL
13
https://bodhi.fedoraproject.org/updates/FEDORA-2022-2e85e6cfc9
libdxfrw-1.0.1-3.fc35 librecad-2.2.0-0.13.rc3.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-97b214b298
nodejs-16.14.0-2.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-c30b1a8aa3
cyrus-imapd-3.2.8-2.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-2fa5931425
libnbd-1.10.5-1.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-dfc6924a11
mysql-connector-java-8.0.28-1.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e90299fabf
phpMyAdmin-5.1.3-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3fc85cd09c
radare2-5.6.0-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-c84a5480be
java-1.8.0-openjdk-aarch32-1.8.0.322.b06-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-df1df6debd
libtiff-4.3.0-4.fc35
The following Fedora 35 Critical Path updates have yet to be approved:
Age URL
12
https://bodhi.fedoraproject.org/updates/FEDORA-2022-310e303f6b pungi-4.3.3-3.fc35
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-25879afa08
rdma-core-39.0-1.fc35
7
https://bodhi.fedoraproject.org/updates/FEDORA-2022-17e7d10dd2
python-cffi-1.15.0-4.fc35
7
https://bodhi.fedoraproject.org/updates/FEDORA-2022-7ff8d3feb1
libtool-2.4.6-48.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-b8a0ba001c
langtable-0.0.57-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-d59f101429
rygel-0.40.3-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-df1df6debd
libtiff-4.3.0-4.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-7f5c4ba1f4
tigervnc-1.12.0-5.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-4f24755392
initscripts-10.15-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3cd0e77668 audit-3.0.7-2.fc35
The following builds have been pushed to Fedora 35 updates-testing
btrfs-progs-5.16.2-1.fc35
cockpit-263-1.fc35
cockpit-machines-261-1.fc35
cockpit-podman-42-1.fc35
cups-2.3.3op2-14.fc35
dotnet6.0-6.0.102-1.fc35
fbf-mukti-fonts-3.0.2-4.fc35
fcitx5-5.0.14-5.fc35
gap-pkg-fr-2.4.8-1.fc35
gedit-41.0-1.fc35
gedit-plugins-41.0-1.fc35
golang-github-ipfs-cid-0.1.0-1.fc35
golang-github-ipfs-log-2.5.0-1.fc35
golang-github-kubuxu-os-helper-0.0.1-1.fc35
golang-github-texttheater-levenshtein-1.0.1-1.fc35
gscan2pdf-2.12.5-1.fc35
gtk4-4.4.2-1.fc35
help2man-1.49.1-1.fc35
hunspell-ro-3.3.10-1.fc35
icecat-91.6.0-1.rh1.fc35
jmol-14.32.22-1.fc35
kernel-5.16.10-200.fc35
libcgif-0.2.0-1.fc35
mkvtoolnix-65.0.0-1.fc35
mozilla-noscript-11.2.25-1.fc35
mozilla-ublock-origin-1.41.2-1.fc35
notmuch-0.35-2.fc35
osbuild-48-1.fc35
perl-Dist-Milla-1.0.21-1.fc35
perl-Net-DNS-1.33-1.fc35
php-8.0.16-1.fc35
php-laminas-session-2.12.1-1.fc35
php-pecl-redis5-5.3.7-1.fc35
polkit-0.120-1.fc35.2
pychess-1.0.3-1.fc35
python-google-cloud-container-2.10.5-1.fc35
python-scp-0.14.3-1.fc35
python2.7-2.7.18-20.fc35
rust-kurbo-0.8.3-2.fc35
smb4k-3.1.1-2.fc35
swid-tools-0.8.13-1.fc35
wireshark-3.6.2-1.fc35
xpra-4.3.2-1.fc35
Details about builds:
================================================================================
btrfs-progs-5.16.2-1.fc35 (FEDORA-2022-62de3045f7)
Userspace programs for btrfs
--------------------------------------------------------------------------------
Update Information:
* mkfs: fix detection of profile type for zoned mode when creating DUP * build:
* add missing stub for zoned mode helper when zoned mode not enabled * fix
64bit types on MIPS and PowerPC * improved zoned mode support autodetection,
for systems with existing blkzone.h header but missing support for zone
capacity * other: * doc updates * test updates
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Neal Gompa <ngompa(a)fedoraproject.org> - 5.16.2-1
- Update to 5.16.2
--------------------------------------------------------------------------------
================================================================================
cockpit-263-1.fc35 (FEDORA-2022-79368331c2)
Web Console for Linux servers
--------------------------------------------------------------------------------
Update Information:
- Shell: Fix browser history - Cockpit-Client: Enable forward/back button
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Cockpit Project <cockpituous(a)gmail.com> - 263-1
- Update to upstream 263 release
--------------------------------------------------------------------------------
================================================================================
cockpit-machines-261-1.fc35 (FEDORA-2022-32bbb3dfa3)
Cockpit user interface for virtual machines
--------------------------------------------------------------------------------
Update Information:
- Tests improvements and stabilization
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Jelle van der Waa <jvanderwaa(a)redhat.com> - 261-1
- Tests improvements and stabilization
--------------------------------------------------------------------------------
================================================================================
cockpit-podman-42-1.fc35 (FEDORA-2022-a31351ca03)
Cockpit component for Podman containers
--------------------------------------------------------------------------------
Update Information:
- Tests improvements and stabilization
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Jelle van der Waa <jvanderwaa(a)redhat.com> - 42-1
- Tests improvements and stabilization
--------------------------------------------------------------------------------
================================================================================
cups-2.3.3op2-14.fc35 (FEDORA-2022-cfbda27b6f)
CUPS printing system
--------------------------------------------------------------------------------
Update Information:
recommend ipp-usb for devices which support IPP-over-USB
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Zdenek Dohnal <zdohnal(a)redhat.com> - 1:2.3.3op2-14
- recommend ipp-usb for devices which support IPP-over-USB
--------------------------------------------------------------------------------
================================================================================
dotnet6.0-6.0.102-1.fc35 (FEDORA-2022-4f43c83583)
.NET Runtime and SDK
--------------------------------------------------------------------------------
Update Information:
This is the February update for .NET 6. It updates the SDK to 6.0.102 and the
Runtime to 6.0.2. Release Notes:
https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.2/6.0.2.md This
includes a fix for CVE-2022-21986
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 14 2022 Omair Majid <omajid(a)redhat.com> - 6.0.102-1
- Update to .NET SDK 6.0.102 and Runtime 6.0.2
--------------------------------------------------------------------------------
================================================================================
fbf-mukti-fonts-3.0.2-4.fc35 (FEDORA-2022-e6f3e3c4ba)
Bangla open source Opentype font
--------------------------------------------------------------------------------
Update Information:
first release
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 6 2022 21:22:41 +0530 Dr Anirban Mitra <mitra_anirban(a)yahoo.co.in> -
3.0.2-4
- corrected distag entry
* Sun Feb 6 2022 14:42:41 +0530 Dr Anirban Mitra <mitra_anirban(a)yahoo.co.in> -
3.0.2-3
- forgesource macro usage with updated source
* Sun Feb 6 2022 06:10:33 +0530 Dr Anirban Mitra <mitra_anirban(a)yahoo.co.in> -
3.0.2-2
- corrected typos
* Sat Feb 5 2022 22:56:29 +0530 Dr Anirban Mitra <mitra_anirban(a)yahoo.co.in> -
3.0.2-1
- bumped upstream to version 3.0.2
- change docs and licence to match upstream
- removed forgemeta references
* Fri Feb 4 2022 19:36:29 +0530 Dr Anirban Mitra <mitra_anirban(a)yahoo.co.in> -
3.0.1-4
- Modified fontconfig
- removed excess white spaces and tabs in spec file
- modified source line and fontcofig lines in spec
* Thu Feb 3 2022 15:30:00 +0530 Dr Anirban Mitra <mitra_anirban(a)yahoo.co.in> -
3.0.1-3
- Preparing fonts from source sfd files using fontforge as required in gpl
- collecting source from remote
* Wed Feb 2 2022 21:30:16 +0530 Dr Anirban Mitra <mitra_anirban(a)yahoo.co.in> -
3.0.1-2
- modification of spec file to remove unecessary elements
* Fri Jan 28 2022 21:42:16 +0530 Dr Anirban Mitra <mitra_anirban(a)yahoo.co.in> -
3.0.1-1
- Change in EM square from 2048 to 1000
- Upgrade fto Unicode 14.0 standard for Bengali
- shift from version 1 to version 2 of Bengali OpenType specification
- support for Assamese language
- support for both traditional and modern form of conjunts
- addition of vedic stress marks
- removal of Latin glyphs
- removal of references and over lapping
- addition of missing conjuncts
- various bugfixes
- Removed Bengali namespace error of double utf-8 encoding
- Created Mukti from MuktiNarrow
- Converted splines from quadratic to cubic
- saved source in fontforge sfd format
- removed microsoft volt tables from font
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2048456 - Review Request: fbf-mukti-fonts - Bangla open source Opentype font
https://bugzilla.redhat.com/show_bug.cgi?id=2048456
--------------------------------------------------------------------------------
================================================================================
fcitx5-5.0.14-5.fc35 (FEDORA-2022-7d82b14f5a)
Next generation of fcitx
--------------------------------------------------------------------------------
Update Information:
fix weak deps
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Qiyu Yan <yanqiyu(a)fedoraproject.org> 5.0.14-5
- fix weak deps
--------------------------------------------------------------------------------
================================================================================
gap-pkg-fr-2.4.8-1.fc35 (FEDORA-2022-ded55434db)
Computations with functionally recursive groups
--------------------------------------------------------------------------------
Update Information:
Changes in version 2.4.8: - Moved the `IsRange` and `Immutable` calls for
alphabet - PackageInfo.g: remove unused Autoload flags - Call `First` instead of
`FirstOp` - Remove 'ends here' comments - Replace internal GAP names by official
counterparts - Remove `READ_COMMAND_REAL` - Silly bug fix in
`IsLevelTransitiveFRGroup`
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Jerry James <loganjerry(a)gmail.com> - 2.4.8-1
- Version 2.4.8
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.4.7-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2054938 - gap-pkg-fr-2.4.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2054938
--------------------------------------------------------------------------------
================================================================================
gedit-41.0-1.fc35 (FEDORA-2022-f027ce02d8)
Text editor for the GNOME desktop
--------------------------------------------------------------------------------
Update Information:
Update to 41.0
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 14 2022 David King <amigadave(a)amigadave.com> - 2:41.0-1
- Update to 41.0
--------------------------------------------------------------------------------
================================================================================
gedit-plugins-41.0-1.fc35 (FEDORA-2022-f027ce02d8)
Plugins for gedit
--------------------------------------------------------------------------------
Update Information:
Update to 41.0
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 David King <amigadave(a)amigadave.com> - 41.0-1
- Update to 41.0
* Tue Feb 15 2022 David King <amigadave(a)amigadave.com> - 40.1-4
- Rebuilt for gedit soname change
--------------------------------------------------------------------------------
================================================================================
golang-github-ipfs-cid-0.1.0-1.fc35 (FEDORA-2022-d49ba9e45b)
Content ID v1 implemented in go
--------------------------------------------------------------------------------
Update Information:
Initial import
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> 0.1.0-1
- Initial import
--------------------------------------------------------------------------------
================================================================================
golang-github-ipfs-log-2.5.0-1.fc35 (FEDORA-2022-e4a11bc6fb)
A logging library used by go-ipfs
--------------------------------------------------------------------------------
Update Information:
Initial import
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> 2.5.0-1
- Initial import
--------------------------------------------------------------------------------
================================================================================
golang-github-kubuxu-os-helper-0.0.1-1.fc35 (FEDORA-2022-b49f7bd479)
Returns OS type
--------------------------------------------------------------------------------
Update Information:
Initial import
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> 0.0.1-1
- Initial import
--------------------------------------------------------------------------------
================================================================================
golang-github-texttheater-levenshtein-1.0.1-1.fc35 (FEDORA-2022-b8ed0d5ad3)
An implementation of the Levenshtein algorithm in Go.
--------------------------------------------------------------------------------
Update Information:
Initial import
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> 1.0.1-1
- Initial import
--------------------------------------------------------------------------------
================================================================================
gscan2pdf-2.12.5-1.fc35 (FEDORA-2022-ae249307ed)
GUI for producing a multipage PDF from a scan
--------------------------------------------------------------------------------
Update Information:
This release fixes logging Unicode characters. It also improves German, Italian,
Russian, Slovak, and Ukrainian translations.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Petr Pisar <ppisar(a)redhat.com> - 2.12.5-1
- 2.12.5 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2054880 - gscan2pdf-2.12.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2054880
--------------------------------------------------------------------------------
================================================================================
gtk4-4.4.2-1.fc35 (FEDORA-2022-f3b3f850a7)
GTK graphical user interface library
--------------------------------------------------------------------------------
Update Information:
Update to 4.4.2
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 15 2022 David King <amigadave(a)amigadave.com> - 4.4.2-1
- Update to 4.4.2
--------------------------------------------------------------------------------
================================================================================
help2man-1.49.1-1.fc35 (FEDORA-2022-c7161ac5d5)
Create simple man pages from --help output
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 15 2022 Ralf Cors��pius <corsepiu(a)fedoraproject.org> - 1.49.1-1
- Upstream update to 1.49.1.
--------------------------------------------------------------------------------
================================================================================
hunspell-ro-3.3.10-1.fc35 (FEDORA-2022-5541c33364)
Romanian hunspell dictionaries
--------------------------------------------------------------------------------
Update Information:
- update hunspell-ro to its latest release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Caolan McNamara <caolanm(a)redhat.com> - 3.3.10-1
- Resolves: rhbz#2055303 latest version
* Fri Feb 11 2022 Vishal Vijayraghavan <vishalvvr(a)fedoraproject.org> - 3.3.7-21
- rename install directory name from myspell to hunspell
-
https://fedoraproject.org/wiki/Changes/Hunspell_dictionary_dir_change
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.3.7-20
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2055303 - version 3.3.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2055303
--------------------------------------------------------------------------------
================================================================================
icecat-91.6.0-1.rh1.fc35 (FEDORA-2022-0076241794)
GNU version of Firefox browser
--------------------------------------------------------------------------------
Update Information:
- Release 91.6.0
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 15 2022 Antonio Trande <sagitter(a)fedoraproject.org> - 91.6.0-1.rh1
- Release 91.6.0
* Sat Feb 5 2022 Jiri Vanek <jvanek(a)redhat.com> - 91.5.0-4.rh1
- Rebuilt for java-17-openjdk as system jdk
* Tue Jan 25 2022 Parag Nemade <pnemade AT redhat DOT com> - 91.5.0-3.rh1
- Update hunspell directory path
F36 Change
https://fedoraproject.org/wiki/Changes/Hunspell_dictionary_dir_change
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> -
91.5.0-2.rh1
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
jmol-14.32.22-1.fc35 (FEDORA-2022-188eab6adb)
Java viewer for chemical structures in 3D
--------------------------------------------------------------------------------
Update Information:
See
https://sourceforge.net/p/jmol/code/HEAD/tree/trunk/Jmol/src/org/jmol/viewer
/Jmol.properties for changes in this release.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Jerry James <loganjerry(a)gmail.com> - 14.32.22-1
- Version 14.32.22
* Sat Feb 5 2022 Jiri Vanek <jvanek(a)redhat.com> - 14.32.16-2
- Rebuilt for java-17-openjdk as system jdk
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2048868 - jmol-14.32.22 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2048868
--------------------------------------------------------------------------------
================================================================================
kernel-5.16.10-200.fc35 (FEDORA-2022-9d4e48836d)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The 5.16.10 stable kernel update contains a number of important fixes across the
tree.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Justin M. Forbes <jforbes(a)fedoraproject.org> [5.16.10-200]
- New configs for 5.16.10 (Justin M. Forbes)
* Wed Feb 16 2022 Justin M. Forbes <jforbes(a)fedoraproject.org> [5.16.10-0]
- Revert "x86/PCI: Ignore E820 reservations for bridge windows on newer systems"
(Justin M. Forbes)
- usb: gadget: clear related members when goto fail (Hangyu Hua)
- usb: gadget: don't release an existing dev->buf (Hangyu Hua)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2053548 - CVE-2022-24958 kernel: use-after-free in dev->buf release in
drivers/usb/gadget/legacy/inode.c
https://bugzilla.redhat.com/show_bug.cgi?id=2053548
--------------------------------------------------------------------------------
================================================================================
libcgif-0.2.0-1.fc35 (FEDORA-2022-5734e2f56c)
A fast and lightweight GIF encoder
--------------------------------------------------------------------------------
Update Information:
**Version 0.2.0** Improvements: * Added frame-level flag
CGIF_FRAME_ATTR_HAS_ALPHA (for setting per-frame alpha channel #38) * Added
frame-level flag CGIF_FRAME_ATTR_HAS_SET_TRANS (allows the user to set which
pixels are reused from the previous frame #38) Project specific changes: *
Added checksum test for coverage test cases (45e6842) * Refactored cgif
(added internal and non-public raw API, #36)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Remi Collet <remi(a)remirepo.net> - 0.2.0-1
- update to 0.2.0
--------------------------------------------------------------------------------
================================================================================
mkvtoolnix-65.0.0-1.fc35 (FEDORA-2022-61a0511cb5)
Matroska container manipulation utilities
--------------------------------------------------------------------------------
Update Information:
# Version 65.0.0 "Too Much" 2022-02-06 ## New features and enhancements *
mkvmerge: the options `--default-track` and `--forced-track` have been renamed
to `--default-track-flag` and `--forced-display-flag` respectively for improved
consistency with other option names & the wording used in the GUI. However, the
old names will be supported and recognized indefinitely. What will remain
unchanged is the property names for those flags in mkvmerge's identification
output. Existing third-party programs will continue working as they are. *
mkvmerge: added a new option `--track-enabled-flag` to set or unset the "track
enabled" track header flag. * mkvmerge: MP4 reader: `mkvmerge` will now evaluate
the `flags` field of the track header atom (`tkhd`) and set the track's
"enabled" flag accordingly. Implements #3272. * MKVToolNix GUI: multiplexer:
added support for the "track enabled" track header flag. * MKVToolNix GUI:
multiplexer, header editor: added several menu entries & keyboard shortcuts for
toggling various track flags of the currently selected tracks, e.g. `Ctrl+Alt+F,
D` (that's `Ctrl` and `Alt` with `F` simultaneously followed by `D` without any
other key pressed) for toggling the "default track" flag. Part of the
implementation of #3253. * MKVToolNix GUI: multiplexer, header editor: added
menu entries & keyboard shortcuts for setting the language of the currently
selected tracks to one from a configurable list of languages. The shortcuts used
are `Ctrl+Alt+A, 1` through `Ctrl+Alt+A, 0` for the first ten entries of that
list (that's `Ctrl` and `Alt` with `A` simultaneously followed by a digit
without any other key pressed). Part of the implementation of #3253. *
MKVToolNix GUI: chapter editor: if the user enters commas in start or end
timestamps they will automatically be changed to points as the decimal
separator, allowing for easier copy & paste from other programs/sources.
Implements #3273. * MKVToolNix: header editor: the selected track or attached
file can now be moved up & down with the keyboard shortcuts `Ctrl+Up` &
`Ctrl+Down` respectively. Part of the implementation of #3253. ## Bug fixes *
mkvmerge: Matroska reader: DVB subtitle tracks with a codec private data size of
more than five bytes are accepted now, too. Fixes #3258.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Dominik Mierzejewski <rpm(a)greysector.net> - 65.0.0-1
- update to 65.0.0 (#2051181)
--------------------------------------------------------------------------------
================================================================================
mozilla-noscript-11.2.25-1.fc35 (FEDORA-2022-f9f9bc2d0c)
JavaScript white list extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:
* More robust policy fetching * [Firefox] Fix regression causing file:// policy
not to be correctly enforced sometimes * [nscl] Avoid unnecessary window
patching * [nscl] Fix rare breakages due to xray cloning * Better fallback for
failing syncMessage * [XSS] Simplified preemptive name sanitization * [L10n]
Updated de * [XSS] Fix false positive warning when "name" is in the query
string
(thanks John Shield / DuckDuckGo for reporting) * [XSS] Faster invalidCharsRx
initialization on Gecko 78 and above * [XSS] More resilient name handling *
[nscl] Use HTTPS SyncMessage endpoint for Chromium too (works around lack of
file access by default on packed extensions breaking NoScript) * Fallback to
synchronous policy fetching if the document is already loaded (e.g. on updates)
* [XSS] Interactive testing made a bit easier * [nscl] Mitigate side effects of
dead objects on patched windows during extension updates * [XSS] Fix false
positive on Microsoft authentication (thanks GrK and Hanna_Payne for reporting)
* [nscl] Work-around for object element initialization inconsistencies on
Firefox (thanks skriptimaahinen for reporting) * [L10n] Updated fr * Better
support for service workers in unrestricted modes (thanks Mark McVeigh for
reporting) * [nscl] Improved cross-frame auto-patching * [nscl] Updated
SyncMessage fixes conflict with other content blockers (thanks gwarser, barbaz
and Baraoic)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 15 2022 Dominik Mierzejewski <rpm(a)greysector.net> - 11.2.25-1
- update to 11.2.25 (#2050078)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2050078 - mozilla-noscript-11.2.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2050078
--------------------------------------------------------------------------------
================================================================================
mozilla-ublock-origin-1.41.2-1.fc35 (FEDORA-2022-802ed7e6a1)
An efficient blocker for Firefox
--------------------------------------------------------------------------------
Update Information:
## New ### Dark mode Support for dark mode added to the Settings pane, under
the (new) Appearance section. The new setting can be either Auto, Light, or
Dark. In addition, there is a new setting to control the accent color used by
uBO throughout its user interface. For example, changing the accent color
changes the look of the popup panel. ### Behavior at browser launch A new
setting in "Filter lists" pane to control whether uBO should wait for all
filter
lists to be loaded before unsuspending network activity. By default, at browser
launch uBO waits for all filter lists to be loaded before unsuspending network
activity so as to ensure web pages are properly filtered at launch. The new
setting allows to opt out of network activity suspension at launch, i.e.
allowing web pages to load without waiting for filter lists to be fully loaded,
of course at the cost of potentially not filtering properly those web pages.
### Closed as fixed: * Logger incorrectly reporting `header=` filters * Picker
is broken by quotation mark in attribute * Use "���" instead of "..."
* Fix bad
detection of unnecessary trailing | * Unexplained popup block on streamlare *
Scrollbars appear in click2load.html * Element Zapper denies on a specific
website * Prevent uBO from hiding html or body when matched by a generic
cosmetic filter (final fix) * Dark Mode support ### Notable commits without an
entry in the issue tracker: * Add a redirectable script that sets canRunAds
true * Improve dealing with ambiguity in regex-based-looking network filters *
Improve google-analytics shim * Fix regression causing regex-based filters to be
case sensitive * Add shim for FingerprintJS (aka Fingerprint v3) * Disable the
suspending of network requests when installing the extension * Do not select
background images as best candidate in picker * Add "blockedDetails" section to
troubleshooting information * Remove "ABP X Files" from stock filter lists *
Add
setting to control suspension on network activity at launch * Make
FilterJustOrigin derive from FilterOriginHitSet
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 15 2022 Dominik Mierzejewski <rpm(a)greysector.net> - 1.41.2-1
- update to 1.41.2 (#2052004)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2052004 - mozilla-ublock-origin-1.41.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2052004
--------------------------------------------------------------------------------
================================================================================
notmuch-0.35-2.fc35 (FEDORA-2022-49ee2c0616)
System for indexing, searching, and tagging email
--------------------------------------------------------------------------------
Update Information:
enable the test suite and rebase with 0.35
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Michael J Gruber <mjg(a)fedoraproject.org> 0.35-2
- enable the test suite
* Sun Feb 6 2022 Michael J Gruber <mjg(a)fedoraproject.org> 0.35-1
- rebase with upstream release 0.35
* Sun Jan 30 2022 Michael J Gruber <mjg(a)fedoraproject.org> 0.35~rc0-1
- rebase with upstream release candidate 0.35~rc0 (bz #2030690)
* Thu Jan 27 2022 Mamoru TASAKA <mtasaka(a)fedoraproject.org> 0.34.3-3
- F-36: rebuild against ruby31
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> 0.34.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Sun Jan 9 2022 Michael J Gruber <mjg(a)fedoraproject.org> 0.34.3-1
- rebase with upstream release 0.34.3
* Sat Dec 18 2021 Michael J Gruber <mjg(a)fedoraproject.org> 0.34.2-3
- switch to modern spec macros
* Fri Dec 17 2021 Michael J Gruber <mjg(a)fedoraproject.org> 0.34.2-2
- stop catering to ancient releases
* Thu Dec 9 2021 Michael J Gruber <mjg(a)fedoraproject.org> 0.34.2-1
- rebase with upstream release 0.34.2
* Thu Dec 9 2021 Michael J Gruber <mjg(a)fedoraproject.org> 0.34.1-2
- reduce build requirements
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2030690 - notmuch-0.35 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2030690
--------------------------------------------------------------------------------
================================================================================
osbuild-48-1.fc35 (FEDORA-2022-0e5a48cc2f)
A build system for OS images
--------------------------------------------------------------------------------
Update Information:
Update osbuild to the latest version
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Packit Service <user-cont-team+packit-service(a)redhat.com> - 48-1
CHANGES WITH 48:
----------------
* skopeo stage: remove overlay/backingFsBlockDev file after install (#970)
* Add support for embedding containers in images (#952)
* Initial work on more reproducible builds (#962)
* Bootiso: add the option to compress using lz4 (#951)
* runners: add rhel-87 (#963)
Contributions from: Alexander Larsson, Christian Kellner, Jakub Rusz, Ond��ej Budai, Roy
Golan, Thomas Lavocat, jkozol
��� Berlin, 2022-02-16
--------------------------------------------------------------------------------
================================================================================
perl-Dist-Milla-1.0.21-1.fc35 (FEDORA-2022-76a296a3a3)
CPAN distribution builder
--------------------------------------------------------------------------------
Update Information:
This release accepts dirty LICENSE files.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Petr Pisar <ppisar(a)redhat.com> - 1.0.21-1
- 1.0.21 bump
- Package the tests
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2053914 - perl-Dist-Milla-1.0.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2053914
--------------------------------------------------------------------------------
================================================================================
perl-Net-DNS-1.33-1.fc35 (FEDORA-2022-b719f13aca)
DNS resolver modules for Perl
--------------------------------------------------------------------------------
Update Information:
Fix deep recursion on SVCB records
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 15 2022 Paul Wouters <paul.wouters(a)aiven.io> - 1.33-1
- 1.33 bump
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.32-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
php-8.0.16-1.fc35 (FEDORA-2022-1596a2dacb)
PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:
**PHP version 8.0.16** (17 Feb 2022) **Core:** * Fixed bug php#81430
(Attribute instantiation leaves dangling pointer). (beberlei) * Fixed bug
[
GH-7896](https://github.com/php/php-src/issues/7896) (Environment vars may be
mangled on Windows). (cmb) **FFI:** * Fixed bug
[
GH-7867](https://github.com/php/php-src/issues/7867) (FFI::cast() from pointer
to array is broken). (cmb, dmitry) **Filter:** * Fixed bug php#81708: UAF due
to php_filter_float() failing for ints. (**CVE-2021-21708**) (cmb) **FPM:** *
Fixed memory leak on invalid port. (David Carlier) **MBString:** * Fixed bug
[
GH-7902](https://github.com/php/php-src/issues/7902) (mb_send_mail may delimit
headers with LF only). (cmb) **MySQLnd:** * Fixed bug
[
GH-7972](https://github.com/php/php-src/issues/7972) (MariaDB version prefix
5.5.5- is not stripped). (Kamil Tekiela) **Sockets:** * Fixed ext/sockets
build on Haiku. (David Carlier) * Fixed bug
[
GH-7978](https://github.com/php/php-src/issues/7978) (sockets extension
compilation errors). (David Carlier) **Standard:** * Fixed bug
[
GH-7875](https://github.com/php/php-src/issues/7875) (mails are sent even if
failure to log throws exception). (cmb)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Remi Collet <remi(a)remirepo.net> - 8.0.16-1
- Update to 8.0.16 -
http://www.php.net/releases/8_0_16.php
--------------------------------------------------------------------------------
================================================================================
php-laminas-session-2.12.1-1.fc35 (FEDORA-2022-0ae4b86c8d)
Laminas Framework Session component
--------------------------------------------------------------------------------
Update Information:
**Version 2.12.1** Bug * 48: Clear metadata even if session key didn't
exist thanks to @omarkdev and @Piescko
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Remi Collet <remi(a)remirepo.net> - 2.12.1-1
- update to 2.12.1
--------------------------------------------------------------------------------
================================================================================
php-pecl-redis5-5.3.7-1.fc35 (FEDORA-2022-5d8b7114db)
Extension for communicating with the Redis key-value store
--------------------------------------------------------------------------------
Update Information:
**phpredis 5.3.7** - Fix RedisArray::[hsz]scan and tests [08a9d5db, 0264de18]
(Pavlo Yatsukhnenko, Michael Grunder) - Fix RedisArray::scan [8689ab1c] (Pavlo
Yatsukhnenko) - Fix LZF decompression logic [0719c1ec] (Michael Grunder)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Remi Collet <remi(a)remirepo.net> - 5.3.7-1
- update to 5.3.7
--------------------------------------------------------------------------------
================================================================================
polkit-0.120-1.fc35.2 (FEDORA-2022-353b7254fd)
An authorization framework
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2021-4115
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Jan Rybar <jrybar(a)redhat.com> - 0.120-1.2
- file descriptor exhaustion (GHSL-2021-077)
- Resolves: CVE-2021-4115
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2007534 - CVE-2021-4115 polkit: file descriptor leak allows an unprivileged
user to cause a crash
https://bugzilla.redhat.com/show_bug.cgi?id=2007534
--------------------------------------------------------------------------------
================================================================================
pychess-1.0.3-1.fc35 (FEDORA-2022-a4746ca227)
Chess game for GNOME
--------------------------------------------------------------------------------
Update Information:
Update to 1.0.3
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 15 2022 Davide Cavalca <dcavalca(a)fedoraproject.org> - 1.0.3-1
- Update to 1.0.3
- Backport PR#1897 to update the bundled metainfo xml
- Backport PR#1898 to remove unnecessary shebangs
- Disable version update check
- Build and package the documentation
- Conditionally run the test suite
- Drop logic for retired versions and update macros
- Update project URL
- Update BuildRequires and add a Recommends for stockfish
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.12.4-25
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1491073 - pychess-1.0.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1491073
--------------------------------------------------------------------------------
================================================================================
python-google-cloud-container-2.10.5-1.fc35 (FEDORA-2022-2d653263ca)
Python Client for Google Cloud Kubernetes Engine API
--------------------------------------------------------------------------------
Update Information:
Update to 2.10.5 ---- Update to 2.10.4 ---- Update to 2.10.3
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Major Hayden <major(a)mhtx.net> 2.10.5-1
- Update to 2.10.5
* Tue Feb 15 2022 Major Hayden <major(a)mhtx.net> 2.10.4-1
- Update to 2.10.4
* Mon Feb 14 2022 Major Hayden <major(a)mhtx.net> 2.10.3-1
- Update to 2.10.3
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> 2.10.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2053772 - python-google-cloud-container-2.10.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2053772
[ 2 ] Bug #2054400 - python-google-cloud-container-2.10.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2054400
[ 3 ] Bug #2054927 - python-google-cloud-container-2.10.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2054927
--------------------------------------------------------------------------------
================================================================================
python-scp-0.14.3-1.fc35 (FEDORA-2022-407270d75b)
Scp module for paramiko
--------------------------------------------------------------------------------
Update Information:
update to version 0.14.3 (#2054836)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 chedi <chedi.toueiti(a)gmail.com> 0.14.3-1
- update to version 0.14.3 (#2054836)
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> 0.14.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2054836 - python-scp-0.14.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2054836
--------------------------------------------------------------------------------
================================================================================
python2.7-2.7.18-20.fc35 (FEDORA-2022-18ad73aba6)
Version 2.7 of the Python interpreter
--------------------------------------------------------------------------------
Update Information:
Security fixes for CVE-2021-4189 and CVE-2022-0391
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Charalampos Stratakis <cstratak(a)redhat.com> - 2.7.18-20
- Security fixes for CVE-2021-4189 and CVE-2022-0391
Resolves: rhbz#2047376
* Mon Jan 24 2022 Karolina Surma <ksurma(a)redhat.com> - 2.7.18-19
- Fix test to enable build with i686
Resolves: rhbz#2038843
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.7.18-18
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Sat Jan 8 2022 Miro Hron��ok <mhroncok(a)redhat.com> - 2.7.18-17
- Rebuilt for
https://fedoraproject.org/wiki/Changes/LIBFFI34
* Fri Nov 12 2021 Bj��rn Esser <besser82(a)fedoraproject.org> - 2.7.18-16
- Rebuild(libnsl2)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2047579 - CVE-2022-0391 python2.7: python: urllib.parse does not sanitize
URLs containing ASCII newline and tabs [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2047579
--------------------------------------------------------------------------------
================================================================================
rust-kurbo-0.8.3-2.fc35 (FEDORA-2022-ec66480841)
2D curves library
--------------------------------------------------------------------------------
Update Information:
Remove schemas function; Fixes RHBZ#2055061 ---- Initial import; Fixes
RHBZ#1983543
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 R��mi Lauzier <remilauzier(a)protonmail.com> 0.8.3-2
- Remove schemas function; Fixes RHBZ#2055061
* Tue Feb 15 2022 R��mi Lauzier <remilauzier(a)protonmail.com> 0.8.3-1
- Initial import; Fixes RHBZ#1983543
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1983543 - Review Request: rust-kurbo - A 2D curves library
https://bugzilla.redhat.com/show_bug.cgi?id=1983543
[ 2 ] Bug #2055061 - F37FailsToInstall: rust-kurbo+schemars-devel
https://bugzilla.redhat.com/show_bug.cgi?id=2055061
--------------------------------------------------------------------------------
================================================================================
smb4k-3.1.1-2.fc35 (FEDORA-2022-2696188584)
The SMB/CIFS Share Browser for KDE
--------------------------------------------------------------------------------
Update Information:
add again %%{_kf5_datadir}/kservices5/
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.1.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2047017 - smb4k: FTBFS in Fedora rawhide/f36
https://bugzilla.redhat.com/show_bug.cgi?id=2047017
--------------------------------------------------------------------------------
================================================================================
swid-tools-0.8.13-1.fc35 (FEDORA-2022-a56114e371)
Tools for producing SWID tags for rpm packages and inspecting the SWID tags
--------------------------------------------------------------------------------
Update Information:
Rebase to new upstream version 0.8.13.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Jan Pazdziora <jpazdziora(a)redhat.com> - 0.8.13-1
- Rebased to 0.8.13.
--------------------------------------------------------------------------------
================================================================================
wireshark-3.6.2-1.fc35 (FEDORA-2022-e29665a42b)
Network traffic analyzer
--------------------------------------------------------------------------------
Update Information:
New version 3.6.2, security fix for CVE-2022-0581, CVE-2022-0582, CVE-2022-0583,
CVE-2022-0585, CVE-2022-0586
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 Michal Ruprich <mruprich(a)redhat.com> - 1:3.6.2-1
- New version 3.6.2
- Fix for CVE-2022-0581, CVE-2022-0582, CVE-2022-0583, CVE-2022-0585, CVE-2022-0586
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2054047 - CVE-2022-0586 wireshark: RTMPT dissector infinite loop
https://bugzilla.redhat.com/show_bug.cgi?id=2054047
[ 2 ] Bug #2054049 - CVE-2022-0585 wireshark: Large loops in multiple dissectors
https://bugzilla.redhat.com/show_bug.cgi?id=2054049
[ 3 ] Bug #2054051 - CVE-2022-0583 wireshark: PVFS dissector crash
https://bugzilla.redhat.com/show_bug.cgi?id=2054051
[ 4 ] Bug #2054056 - CVE-2022-0582 wireshark: CSN.1 dissector crash
https://bugzilla.redhat.com/show_bug.cgi?id=2054056
[ 5 ] Bug #2054059 - CVE-2022-0581 wireshark: CMS dissector crash
https://bugzilla.redhat.com/show_bug.cgi?id=2054059
--------------------------------------------------------------------------------
================================================================================
xpra-4.3.2-1.fc35 (FEDORA-2022-4952b1ff69)
Remote display server for applications and desktops
--------------------------------------------------------------------------------
Update Information:
Update xpra to 4.3.2
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 16 2022 S��rgio Basto <sergio(a)serjux.com> - 4.3.2-1
- Update xpra to 4.3.2
* Thu Jan 27 2022 Tom Callaway <spot(a)fedoraproject.org> - 4.3.1-3
- rebuild for libvpx
* Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.3.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Jan 4 2022 Antonio Trande <sagitter(a)fedoraproject.org> - 4.3.1-1
- Release 4.3.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2003755 - xpra: python-rencode: rencode 3-byte packet DoS [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2003755
[ 2 ] Bug #2047349 - xpra-4.3.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2047349
--------------------------------------------------------------------------------