Fedora 33 updates-testing report - test - Fedora mailing-lists

30 May 2021


      The following Fedora 33 Security updates need testing:
 Age  URL
  49  https://bodhi.fedoraproject.org/updates/FEDORA-2021-c3d587d52c   shim-15.4-1
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2021-8b85b2de05   eterm-0.9.6-26.fc33
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2021-e8cab459ab   cflow-1.6-8.fc33
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-454a0f6f76   gnutls-3.6.16-1.fc33
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2021-faab70f09a   mapserver-7.4.5-1.fc33
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2021-8917c5d9d2   exiv2-0.27.3-7.fc33
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2021-7190a83164   chromium-90.0.4430.212-1.fc33
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2021-6bf77566c9   nginx-1.20.1-1.fc33
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2021-77756994ba   mingw-python-pillow-7.2.0-6.fc33 python-pillow-7.2.0-6.fc33
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2021-ac3ef133e8   singularity-3.7.4-1.fc33
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2021-4cdb0f68c7   python-lxml-4.5.1-4.fc33
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2021-bdba47348c   mingw-exiv2-0.27.3-6.fc33
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2021-3193a4c13f   mingw-djvulibre-3.5.27-12.fc33
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-e145f477df   mingw-openjpeg2-2.3.1-12.fc33 openjpeg2-2.3.1-11.fc33
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-67691ad99d   wireshark-3.4.5-1.fc33
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-8ca8263bde   dhcp-4.4.2-9.b1.fc33
The following Fedora 33 Critical Path updates have yet to be approved:
 Age URL
  68  https://bodhi.fedoraproject.org/updates/FEDORA-2021-2961f34ccb   PackageKit-1.2.3-1.fc33
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2021-ae71327f68   libtirpc-1.2.6-4.rc4.fc33
  11  https://bodhi.fedoraproject.org/updates/FEDORA-2021-5cc6457b38   rpcbind-1.2.6-0.fc33
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2021-55fc591f26   tpm2-tss-3.0.4-1.fc33
   9  https://bodhi.fedoraproject.org/updates/FEDORA-2021-aca3c7bb56   koji-1.25.0-1.fc33
   7  https://bodhi.fedoraproject.org/updates/FEDORA-2021-b2b5636c1a   livecd-tools-28.1-1.fc33
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2021-cd029398ef   mpfr-4.1.0-7.fc33
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-35759ad8d3   openssh-8.4p1-6.fc33
   5  https://bodhi.fedoraproject.org/updates/FEDORA-2021-454a0f6f76   gnutls-3.6.16-1.fc33
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2021-fa3657ac97   kmod-29-2.fc33
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2021-8917c5d9d2   exiv2-0.27.3-7.fc33
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2021-a6e57e54a5   net-snmp-5.9.1-1.fc33
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2021-4797e362b3   abrt-2.14.6-1.fc33 libreport-2.15.1-1.fc33 satyr-0.37-2.fc33
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-e145f477df   mingw-openjpeg2-2.3.1-12.fc33 openjpeg2-2.3.1-11.fc33
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-24dd0fa996   usbredir-0.10.0-1.fc33
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-b02a75816e   dracut-055-1.fc33
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2021-fed63bd217   libxcrypt-4.4.22-1.fc33
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-a963f18434   libedit-3.1-37.20210522cvs.fc33
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2021-60d664e252   cryptsetup-2.3.6-1.fc33
The following builds have been pushed to Fedora 33 updates-testing
ansible-collection-community-general-3.1.0-2.fc33
    apt-2.3.5-1.fc33
    domoticz-2021.1-1.fc33
    hadolint-1.18.2-2.fc33
    kernel-5.12.8-200.fc33
    libxml2-2.9.12-4.fc33
    limnoria-20210527-2.fc33
    paho-c-1.3.9-1.fc33
    python-bluepyopt-1.10.36-2.fc33
    retroarch-1.9.4-1.fc33
    rpmbuild-order-0.4.5-1.fc33
    transfig-3.2.8a-2.fc33
    xfig-3.2.8a-1.fc33
Details about builds:
================================================================================
 ansible-collection-community-general-3.1.0-2.fc33 (FEDORA-2021-784ed35b99)
 Modules and plugins supported by Ansible community
--------------------------------------------------------------------------------
Update Information:
Update to 3.1.0 release.
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 29 2021 Kevin Fenzi kevin@scrye.com - 3.1.0-2
- Fix sed issue that caused python33 to be required.
* Sat May 29 2021 Kevin Fenzi kevin@scrye.com - 3.1.0-1
- Update to 3.1.0. Fixes rhbz#1957092
* Tue May 11 2021 Kevin Fenzi kevin@scrye.com - 3.0.2-1
- Update to 3.0.2. Fixes rhbz#1957092
* Wed May  5 2021 Kevin Fenzi kevin@scrye.com - 3.0.1-1
- Update to 3.0.1. Fixes rhbz#1957092
* Tue Apr 27 2021 Kevin Fenzi kevin@scrye.com - 3.0.0-1
- Update to 3.0.0. Fixes rhbz#1953895
* Sat Apr 24 2021 Kevin Fenzi kevin@scrye.com - 2.5.1-1
- Update to 2.5.1.
* Thu Feb  4 2021 Igor Raits ignatenkobrain@fedoraproject.org - 2.0.0-1
- Update to 2.0.0
* Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 1.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Jan 16 2021 Kevin Fenzi kevin@scrye.com - 1.3.1-2
- Rebuild against new ansible-generator and allow usage by ansible-base-2.10.x
* Tue Dec 29 2020 Igor Raits ignatenkobrain@fedoraproject.org - 1.3.1-1
- Update to 1.3.1
--------------------------------------------------------------------------------
================================================================================
 apt-2.3.5-1.fc33 (FEDORA-2021-b72f2c157c)
 Command-line package manager for Debian packages
--------------------------------------------------------------------------------
Update Information:
Update to 2.3.5 (#1930430)
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 17 2021 Fedora Release Monitoring release-monitoring@fedoraproject.org - 2.3.5-1
- Update to 2.3.5 (#1930430)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1930430 - apt-2.3.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1930430
--------------------------------------------------------------------------------
================================================================================
 domoticz-2021.1-1.fc33 (FEDORA-2021-54e2a473f0)
 Open source Home Automation System
--------------------------------------------------------------------------------
Update Information:
Version 2021.1 (April 17 2021)  - Implemented: Added option to set loglevel per
hardware device - Implemented: Added optional parameter 'level' to addlogmessage
JSON - Implemented: AirconWithMe wifi module - Implemented: Allow complete IPv6
address in local network setting - Implemented: Allow custom icons for
thermostat setpoints on floorplan - Implemented: Allow custom icons for utility
sensors - Implemented: Build systems for linux based on github actions -
Implemented: Build system for docker - Implemented: Counter meter type now
supports a divider - Implemented: Custom icons for RGB/W - Implemented: GUI;
Auto refresh feature for graphical logs - Implemented: Hardware Monitor, Add
clock speeds for Raspberry Pi - Implemented: Honeywell, Add cooling control and
Fahrenheit support - Implemented: Internal light commands for Fan types Casafan,
FT1211R, Falmec, LucciAirDCII, IthoECO and Novy - Implemented: Inverted energy
icon colors in report - Implemented: Max. Watt settings for power devices
(defaults to 6000W) - Implemented: Mercedes Me API's (BYOCAR) as an (e)Vehicle
supporting lock/open, odo, fuellevel - Implemented: Meteorologisk (Meteorologisk
institutt Norway) hardware support - Implemented: P1 Meter, added support for
Encryption - Implemented: RFXCom Byron BY doorbell - Implemented: RSSI support
for Distance Sensor, Moisture Sensor, Watt Meter, kWh Meter - Implemented:
RTL433, Added RF Signal Strength in device tab based on reported SNR -
Implemented: RTL433, Added Pressure (PSI) type - Implemented: RTL433, Added UV
type - Implemented: RTL433, Added X-10 Security support - Implemented: RTL433,
Switched to Json input - Implemented: Teleinfo over TCP - Implemented: Websocket
notification for secondary/sub devices - Implemented: ZWave, Legend and tooltips
in Neighbors overview - Updated: API/JSON: added API to delete daterange in
history logs for one ID - Updated: Blebox; use of the latest SwitchBox APIthe
latest SwitchBox API - Updated: dzVents; version 3.1.7 (
https://www.domoticz.com/wiki/DzVents:_next_generation_LUA_scripting ) -
Updated: eVehicles; added ODO meter, unlock/open alert, max charge level to
Tesla module - Updated: eVehicles; added option to manual set API key - Updated:
EvoHome; decode, display and store hotwater setpoint - Updated: GUI; Lay-out of
notifications tab - Updated: MQTT; added option to choose notification subsystem
- Updated: MQTT; added publish schemes: device index, device name and
implemented custom topics for in- and outbound messages - Updated: OpenZWave;
configuration files - Updated: OpenZWave; Added Volatile Organic Compound sensor
- Updated: Openweathermap; use latest API and overall improvements - Updated:
OTGW; ready for firmware 5.0 and added domestic hot water flow rate - Updated:
Plugin manager: ready for Python 3.9+ - Updated: Plugwise; update of scene
selector and added a migration process - Updated: SolarEdge; add support for 3
Phase inverters - Updated: Tado; add support for per-zone Open Window Detection
- Updated: TTNMQTT; Better GPS/Locations handling, distance calculation
(Geofencing) - Updated: TTNMQTT; Improved calculation and storage of signal-
levels - Updated: USBTin; Added support for Bloc 9 - Updated: Xiaomi; added new
device types - Changed: Devices, ZWave, each node as separate hardware for easy
selection - Changed: Differentiate kWh, kVah, kVar and kVarh - Changed: During a
database backup we now 'sleep' when the status != OK - Changed: Energy devices
allow negative values - Changed: Use of Clang-Tidy rules to force ++ coding
consistency - Fixed: Annatherm Presets usage in Events. Please use the following
percentages: 10% for Home, 20% for Away, 30% Night 40% for Vacation - Fixed:
Cache refresh issue on Safari - Fixed: Changing a value from a Thermostat
Setpoint via the JSON API/MQTT resulted in a double event trigger - Fixed:
Control for thermostat setpoints on floorplan - Fixed: Compiling on systems with
recent Python versions - Fixed: Distance sensor was converting to miles instead
of inches - Fixed: Icon uploading from Linux clients/browsers - Fixed: Floorplan
uploading - Fixed: Font in events editor on MacOS - Fixed: Motherboard Sensors
for big partitions - Fixed: Possible crash in CEventSystem::SetEventTrigger -
Fixed: Preserve custom icon and description when switching device from used ->
unused -> used - Fixed: Prevent duplicate keys in preferences table - Fixed:
Pushtype selection mechanism - Fixed: Sound device was incorrectly displayed on
the Floorplan - Fixed: Tado Zone/Home limit, setpoint mix-up - Fixed: User field
in device logging for switches, -text-devices and for groups/scenes - Fixed:
Windows installation respects configured log parameters - Fixed: Zwave various
issues - For a full overview visit:
https://www.domoticz.com/wiki/Domoticz_versions_-_Commits for details
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 29 2021 Michael Cronenworth mike@cchtml.com - 2021.1-1
- New stable release
* Tue Mar 30 2021 Jonathan Wakely jwakely@redhat.com - 2020.2-8
- Rebuilt for removed libstdc++ symbol (#1937698)
* Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 2020.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Fri Jan 22 2021 Jonathan Wakely jwakely@redhat.com - 2020.2-6
- Rebuilt for Boost 1.75
--------------------------------------------------------------------------------
================================================================================
 hadolint-1.18.2-2.fc33 (FEDORA-2021-8b24ea9ed6)
 Dockerfile linter, validate inline bash
--------------------------------------------------------------------------------
Update Information:
rebuild against ShellCheck-0.7.2
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 29 2021 Jens Petersen petersen@redhat.com - 1.18.2-2
- rebuild
--------------------------------------------------------------------------------
================================================================================
 kernel-5.12.8-200.fc33 (FEDORA-2021-0b35886add)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The 5.12.8 stable kernel update contains a number of important fixes across the
tree.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1965458 - CVE-2021-33200 kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier
        https://bugzilla.redhat.com/show_bug.cgi?id=1965458
--------------------------------------------------------------------------------
================================================================================
 libxml2-2.9.12-4.fc33 (FEDORA-2021-b950000d2b)
 Library providing XML and HTML support
--------------------------------------------------------------------------------
Update Information:
Update to 2.9.12  * Fix CVE-2021-3516, CVE-2021-3517, CVE-2021-3518,
CVE-2021-3537, CVE-2021-3541 * Verify sources with GPG signature
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 29 2021 David King amigadave@amigadave.com - 2.9.12-4
- Fix xmlNodeDumpOutputInternal regression (#1965662)
* Tue May 25 2021 David King amigadave@amigadave.com - 2.9.12-3
- Fix multiarch conflict in devel subpackage
* Wed May 19 2021 David King amigadave@amigadave.com - 2.9.12-2
- Fix python-lxml regression with 2.9.12
* Thu May 13 2021 David King amigadave@amigadave.com - 2.9.12-1
- Update to 2.9.12 (#1960153)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1954227 - CVE-2021-3516 libxml2: use-after-free in xmlEncodeEntitiesInternal() in entities.c [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1954227
  [ 2 ] Bug #1954234 - CVE-2021-3517 libxml2: heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1954234
  [ 3 ] Bug #1954243 - CVE-2021-3518 libxml2: use-after-free in xmlXIncludeDoProcess() in xinclude.c [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1954243
  [ 4 ] Bug #1956524 - CVE-2021-3537 libxml2: NULL pointer dereference in valid.c in xmlValidBuildAContentModel [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1956524
  [ 5 ] Bug #1960153 - CVE-2021-3541 libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1960153
  [ 6 ] Bug #1965662 - please backport regression fix 13ad8736d
        https://bugzilla.redhat.com/show_bug.cgi?id=1965662
--------------------------------------------------------------------------------
================================================================================
 limnoria-20210527-2.fc33 (FEDORA-2021-d7bd04e3f6)
 A modified version of Supybot (an IRC bot) with enhancements and bug fixes
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream bugfix release.
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 29 2021 Kevin Fenzi kevin@scrye.com - 20210527-2
- Fix changelog
* Sat May 29 2021 Kevin Fenzi kevin@scrye.com - 20210527-1
- Upgrade to 20210527
* Fri May 28 2021 Simo Sorce simo@fedoraproject.org - 20210411-2
- Fix version string forever by calculating it
* Sat Apr 24 2021 Kevin Fenzi kevin@scrye.com - 20210411-1
- Upgrade to 20210411.
* Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 20201013-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Nov  3 2020 Kevin Fenzi kevin@scrye.com - 20201013-1
- Update to 20201013.
--------------------------------------------------------------------------------
================================================================================
 paho-c-1.3.9-1.fc33 (FEDORA-2021-162961dd13)
 MQTT C Client
--------------------------------------------------------------------------------
Update Information:
Update to 1.3.9
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 29 2021 Robert-Andr�� Mauchin zebob.m@gmail.com - 1.3.9-1
- Update to 1.3.9
- Move the man pages to the correct directory
* Tue Jan 26 2021 Fedora Release Engineering releng@fedoraproject.org - 1.3.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 python-bluepyopt-1.10.36-2.fc33 (FEDORA-2021-2ce46684ef)
 Bluebrain Python Optimisation Library (bluepyopt)
--------------------------------------------------------------------------------
Update Information:
Update to latest bugfix release
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 27 2021 Ankur Sinha <ankursinha AT fedoraproject DOT org> - 1.10.36-2
- make package archful, since tests are arch dependent
* Thu May 27 2021 Ankur Sinha <ankursinha AT fedoraproject DOT org> - 1.10.36-1
- ignore non-unit tests, these fail on ppc64le etc.
* Thu May 27 2021 Ankur Sinha <ankursinha AT fedoraproject DOT org> - 1.10.36-1
- Update to latest release
- Use pytest and enable tests by default
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1950262 - python-bluepyopt-1.10.36 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1950262
--------------------------------------------------------------------------------
================================================================================
 retroarch-1.9.4-1.fc33 (FEDORA-2021-38f8597bfe)
 Cross-platform, sophisticated frontend for the libretro API.
--------------------------------------------------------------------------------
Update Information:
Update to latest version
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 28 2021 Artem Polishchuk ego.cordatus@gmail.com - 1.9.4-1
- build(update): 1.9.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1965772 - retroarch-1.9.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1965772
--------------------------------------------------------------------------------
================================================================================
 rpmbuild-order-0.4.5-1.fc33 (FEDORA-2021-b75fbe8891)
 Sort RPM packages in dependency order
--------------------------------------------------------------------------------
Update Information:
- new command to render dependency graph - fix subcycle algorithm: now lists
correct shortest path subcycles - improve cycles output (#2)
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 29 2021 Jens Petersen petersen@redhat.com - 0.4.5-1
- 'render': do not reverse arrows
- 'render': rename -o/--output option to -g/--gv-output
* Wed May 19 2021 Jens Petersen petersen@redhat.com - 0.4.4.1-1
- 'render': helpful error message if graphviz not installed
* Sun May 16 2021 Jens Petersen petersen@redhat.com - 0.4.4-1
- new render command to show graph
- fix subcycles algorithm and improve cycles text
* Wed May 12 2021 Jens Petersen petersen@redhat.com - 0.4.3.2-1
- intercalate newlines between cycles
- only list subcycles with over 2 packages
* Wed Jan 27 2021 Fedora Release Engineering releng@fedoraproject.org - 0.4.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Fri Sep 25 2020 Jens Petersen petersen@redhat.com - 0.4.3.1-1
- 'deps','rdeps': --exclude option to ignore a "broken" neighboring package
* Fri Sep 18 2020 Jens Petersen petersen@redhat.com - 0.4.3-1
- https://hackage.haskell.org/package/rpmbuild-order-0.4.3/changelog:
- 'deps' and 'rdeps': new --ignore-BR option
- 'sort' no longer outputs a leading newline
--------------------------------------------------------------------------------
================================================================================
 transfig-3.2.8a-2.fc33 (FEDORA-2021-dab56300b1)
 Utility for converting FIG files (made by xfig) to other formats
--------------------------------------------------------------------------------
Update Information:
- New upstream release 3.2.8a - Add patches from upstream git fixing a couple of
issues which may have security implications (CVE-2021-3561)
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 29 2021 Hans de Goede hdegoede@redhat.com - 1:3.2.8a-2
- Add patches from upstream git fixing a couple of issues which may have
  security implications (CVE-2021-3561)
* Mon Mar 29 2021 Ondrej Dubaj odubaj@redhat.com - 1:3.2.8a-1
- Updated to version 3.2.8a
* Wed Jan 27 2021 Fedora Release Engineering releng@fedoraproject.org - 1:3.2.7b-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 xfig-3.2.8a-1.fc33 (FEDORA-2021-27b1102947)
 An X Window System tool for drawing basic vector graphics
--------------------------------------------------------------------------------
Update Information:
- New upstream release 3.2.8a
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 29 2021 Hans de Goede hdegoede@redhat.com - 3.2.8a-1
- New upstream release 3.2.8a
* Thu Jan 28 2021 Fedora Release Engineering releng@fedoraproject.org - 3.2.7b-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
--------------------------------------------------------------------------------