The following Fedora 30 Security updates need testing: Age URL 87 https://bodhi.fedoraproject.org/updates/FEDORA-2019-71b2273a9f libarchive-3.3.3-7.fc30 21 https://bodhi.fedoraproject.org/updates/FEDORA-2020-cc26574961 chromium-79.0.3945.130-1.fc30 10 https://bodhi.fedoraproject.org/updates/FEDORA-2020-b8b7a4a0e5 poppler-0.73.0-16.fc30 8 https://bodhi.fedoraproject.org/updates/FEDORA-2020-f8e267d6d0 systemd-241-14.git18dd3fb.fc30 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-92cc67ff5a ipmitool-1.8.18-19.fc30 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-a0f0eb8500 ksh-2020.0.0-2.fc30 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-47efc31973 libuv-1.34.2-1.fc30 nghttp2-1.40.0-1.fc30 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-830d8a1a92 http-parser-2.9.3-1.fc30 nodejs-10.19.0-1.fc30 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-092ef6572a glib2-2.60.7-3.fc30 3 https://bodhi.fedoraproject.org/updates/FEDORA-2020-8d3ea0fe8d mbedtls-2.16.4-1.fc30 3 https://bodhi.fedoraproject.org/updates/FEDORA-2020-0fc6dd0fd2 cacti-1.2.9-1.fc30 cacti-spine-1.2.9-1.fc30 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-0e6a67af5a dovecot-2.3.9.3-1.fc30 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-2a5cdd665c kernel-5.4.19-100.fc30 kernel-headers-5.4.18-100.fc30 0 https://bodhi.fedoraproject.org/updates/FEDORA-2020-4e1ba1a692 firefox-73.0-2.fc30 0 https://bodhi.fedoraproject.org/updates/FEDORA-2020-5cdbb19cca python-pillow-5.4.1-4.fc30 0 https://bodhi.fedoraproject.org/updates/FEDORA-2020-8193c0aa68 mingw-openjpeg2-2.3.1-7.fc30 openjpeg2-2.3.1-6.fc30
The following Fedora 30 Critical Path updates have yet to be approved: Age URL 219 https://bodhi.fedoraproject.org/updates/FEDORA-2019-c05e4425d1 dash-0.5.10.2-3.fc30 87 https://bodhi.fedoraproject.org/updates/FEDORA-2019-71b2273a9f libarchive-3.3.3-7.fc30 25 https://bodhi.fedoraproject.org/updates/FEDORA-2020-aa758fe515 koji-1.20.0-1.fc30 10 https://bodhi.fedoraproject.org/updates/FEDORA-2020-b8b7a4a0e5 poppler-0.73.0-16.fc30 10 https://bodhi.fedoraproject.org/updates/FEDORA-2020-5739bd54c3 llvm-8.0.0-7.fc30 rust-1.41.0-1.fc30 rust-packaging-10-2.fc30 10 https://bodhi.fedoraproject.org/updates/FEDORA-2020-58dda6d0fd osinfo-db-20200203-1.fc30 10 https://bodhi.fedoraproject.org/updates/FEDORA-2020-1a2e247b8f pungi-4.2.0-1.fc30 10 https://bodhi.fedoraproject.org/updates/FEDORA-2020-bfd3a9b7c8 hwdata-0.332-1.fc30 8 https://bodhi.fedoraproject.org/updates/FEDORA-2020-5dcfa13703 ceph-14.2.7-2.fc30 8 https://bodhi.fedoraproject.org/updates/FEDORA-2020-f8e267d6d0 systemd-241-14.git18dd3fb.fc30 8 https://bodhi.fedoraproject.org/updates/FEDORA-2020-c4d27dea0b selinux-policy-3.14.3-56.fc30 8 https://bodhi.fedoraproject.org/updates/FEDORA-2020-66c974fdb6 dnf-4.2.18-1.fc30 dnf-plugins-core-4.0.13-1.fc30 libdnf-0.43.1-2.fc30 microdnf-3.4.0-1.fc30 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-092ef6572a glib2-2.60.7-3.fc30 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-830d8a1a92 http-parser-2.9.3-1.fc30 nodejs-10.19.0-1.fc30 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-47efc31973 libuv-1.34.2-1.fc30 nghttp2-1.40.0-1.fc30 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-886fc2deb7 python-productmd-1.24-1.fc30 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-5e06ad5ec5 cryptsetup-2.3.0-1.fc30 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-b7b2270753 mdadm-4.1-1.fc30 3 https://bodhi.fedoraproject.org/updates/FEDORA-2020-02278780cf nfs-utils-2.4.3-0.fc30 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-2a5cdd665c kernel-5.4.19-100.fc30 kernel-headers-5.4.18-100.fc30 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-299acf832a pcre-8.43-3.fc30 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-71be871020 libdnf-0.43.1-3.fc30 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-e94bce43a0 abrt-2.14.0-1.fc30 abrt-java-connector-1.1.4-1.fc30 libreport-2.12.0-1.fc30 satyr-0.30-2.fc30 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-970a0aa60e python-rpm-macros-3-46.fc30 0 https://bodhi.fedoraproject.org/updates/FEDORA-2020-8193c0aa68 mingw-openjpeg2-2.3.1-7.fc30 openjpeg2-2.3.1-6.fc30 0 https://bodhi.fedoraproject.org/updates/FEDORA-2020-17af221dbb nss-pem-1.0.6-1.fc30 0 https://bodhi.fedoraproject.org/updates/FEDORA-2020-293bf84963 vim-8.2.236-1.fc30 0 https://bodhi.fedoraproject.org/updates/FEDORA-2020-4e1ba1a692 firefox-73.0-2.fc30
The following builds have been pushed to Fedora 30 updates-testing
cinnamon-session-4.4.1-1.fc30 clamav-unofficial-sigs-7.0.1-3.fc30 flatpak-1.4.4-1.fc30 libmodulemd-2.9.1-1.fc30 libreswan-3.30-1.fc30 lyx-2.3.4.2-1.fc30 phan-2.4.9-1.fc30 php-composer-spdx-licenses-1.5.3-1.fc30 php-myclabs-php-enum-1.7.6-1.fc30 podman-1.8.0-2.fc30 python-html2text-2019.9.26-5.fc30 tucnak-4.20-2.fc30 unittest-cpp-2.0.0-9.fc30 webkit2gtk3-2.26.4-1.fc30 x2goclient-4.1.2.2-1.fc30
Details about builds:
================================================================================ cinnamon-session-4.4.1-1.fc30 (FEDORA-2020-3bf3c305cc) Cinnamon session manager -------------------------------------------------------------------------------- Update Information:
- update for cinnamon-session-4.4.1 -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 14 2020 Leigh Scott leigh123linux@googlemail.com - 4.4.1-1 - Update to 4.4.1 release * Tue Jan 28 2020 Fedora Release Engineering releng@fedoraproject.org - 4.4.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ clamav-unofficial-sigs-7.0.1-3.fc30 (FEDORA-2020-b79f547bf8) Scripts to download unofficial clamav signatures -------------------------------------------------------------------------------- Update Information:
Make cron script as config(noreplace) (bz#1786860) -------------------------------------------------------------------------------- ChangeLog:
* Thu Feb 13 2020 J��n ONDREJ (SAL) <ondrejj(at)salstar.sk> - 7.0.1-3 - Make cron script as config(noreplace) (bz#1786860) - Implement random delay before running update script from cron * Tue Jan 28 2020 Fedora Release Engineering releng@fedoraproject.org - 7.0.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1786860 - Installs both cron job and systemd timer https://bugzilla.redhat.com/show_bug.cgi?id=1786860 --------------------------------------------------------------------------------
================================================================================ flatpak-1.4.4-1.fc30 (FEDORA-2020-6dfb032e43) Application deployment framework for desktop apps -------------------------------------------------------------------------------- Update Information:
This release contains backports from 1.6.2 that restores the ability for flatpak to use ostree static deltas on initial installation which allow much faster downloads. -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 14 2020 Kalev Lember klember@redhat.com - 1.4.4-1 - Update to 1.4.4 --------------------------------------------------------------------------------
================================================================================ libmodulemd-2.9.1-1.fc30 (FEDORA-2020-0e17698e23) Module metadata manipulation library -------------------------------------------------------------------------------- Update Information:
Release libmodulemd 2.9.1 -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 14 2020 Stephen Gallagher sgallagh@redhat.com - 2.9.1-1 - new upstream release: 2.9.1 * Wed Feb 12 2020 Stephen Gallagher sgallagh@redhat.com - 2.9.0-1 - new upstream release: 2.9.0 * Wed Jan 29 2020 Fedora Release Engineering releng@fedoraproject.org - 2.8.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ libreswan-3.30-1.fc30 (FEDORA-2020-83ac43d977) Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec -------------------------------------------------------------------------------- Update Information:
Resolves: rhbz#1802896 libreswan-3.30 is available -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 14 2020 Paul Wouters pwouters@redhat.com - 3.30-1 - Resolves: rhbz#1802896 libreswan-3.30 is available - Resolves: rhbz#1799598 libreswan: FTBFS in Fedora rawhide/f32 - Resolves: rhbz#1760571 [abrt] libreswan: configsetupcheck(): verify:366:configsetupcheck:TypeError: * Wed Jan 29 2020 Fedora Release Engineering releng@fedoraproject.org - 3.29-2.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Thu Jan 9 2020 Paul Wouters pwouters@redhat.com - 3.29-2 - _updown.netkey: fix syntax error in checking routes * Thu Jul 25 2019 Fedora Release Engineering releng@fedoraproject.org - 3.29-1.1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1802896 - libreswan-3.30 is available https://bugzilla.redhat.com/show_bug.cgi?id=1802896 [ 2 ] Bug #1799598 - libreswan: FTBFS in Fedora rawhide/f32 https://bugzilla.redhat.com/show_bug.cgi?id=1799598 [ 3 ] Bug #1760571 - [abrt] libreswan: configsetupcheck(): verify:366:configsetupcheck:TypeError: a bytes-like object is required, not 'str' https://bugzilla.redhat.com/show_bug.cgi?id=1760571 --------------------------------------------------------------------------------
================================================================================ lyx-2.3.4.2-1.fc30 (FEDORA-2020-99e0833306) WYSIWYM (What You See Is What You Mean) document processor -------------------------------------------------------------------------------- Update Information:
This is mini-release that fixes 4 bugs. The only important bug that affects Fedora is a crash related to the math toolbar. For more details see the enclosed documentation or the release announce available at https://www.lyx.org/announce/2_3_4_2.txt -------------------------------------------------------------------------------- ChangeLog:
* Thu Feb 13 2020 Jos�� Matos jamatos@fedoraproject.org - 2.3.4.2-1 - update to 2.3.4.2 * Wed Jan 29 2020 Fedora Release Engineering releng@fedoraproject.org - 2.3.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ phan-2.4.9-1.fc30 (FEDORA-2020-cb976761a2) A static analyzer for PHP -------------------------------------------------------------------------------- Update Information:
Feb 13 2020, **Phan 2.4.9** **New Features (Analysis):** + Infer that `class_exists` implies the first argument is a class-string, and that `method_exists` implies the first argument is a class-string or an object. (#2804, #3058). Note that Phan still does not infer that the class or method actually exists. + Emit `PhanRedefineClass` on **all** occurrences of a duplicate class, not just the ones after the first occurrence of the class. (#511) + Emit `PhanRedefineFunction` on **all** occurrences of a duplicate function/method, not just the ones after the first. + Emit `PhanRedefinedClassReference` for many types of uses of user-defined classes that Phan has parsed multiple definitions of. Phan will not warn about internal classes, because the duplicate definition is probably a polyfill. (e.g. `new DuplicateClass()`, `DuplicateClass::someMethod()`) **Bug fixes:** + Fix false positive `PhanParamSuspiciousOrder` for `preg_replace_callback` (#3680) + Fix false positive `PhanUnanalyzableInheritance` for renamed methods from traits. (#3695) + Fix false positive `PhanUndeclaredConstant` previously seen for inherited class constants in some parse orders. (#3706) + Fix uncaught `TypeError` converting `iterable<T>` to nullable (#3709) -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 14 2020 Remi Collet remi@remirepo.net - 2.4.9-1 - update to 2.4.9 --------------------------------------------------------------------------------
================================================================================ php-composer-spdx-licenses-1.5.3-1.fc30 (FEDORA-2020-592d9c3c50) SPDX licenses list and validation library -------------------------------------------------------------------------------- Update Information:
**Version 1.5.3** - 2020-02-14 * Changed: updated licenses list to SPDX 3.8 -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 14 2020 Remi Collet remi@remirepo.net - 1.5.3-1 - update to 1.5.3 (SPDX 3.8) --------------------------------------------------------------------------------
================================================================================ php-myclabs-php-enum-1.7.6-1.fc30 (FEDORA-2020-af473a8b5a) PHP Enum implementation -------------------------------------------------------------------------------- Update Information:
**Version 1.7.6** * Avoid conflicts with Doctrine Annotations by renaming the Psalm @template annotation into @psalm-template. ---- **Version 1.7.5** * Improved Psalm typing ---- **Version 1.7.4** * Add Psalm annotations -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 14 2020 Remi Collet remi@remirepo.net - 1.7.6-1 - update to 1.7.6 * Fri Feb 14 2020 Remi Collet remi@remirepo.net - 1.7.5-1 - update to 1.7.5 * Fri Feb 7 2020 Remi Collet remi@remirepo.net - 1.7.4-1 - update to 1.7.4 - switch to phpunit7 --------------------------------------------------------------------------------
================================================================================ podman-1.8.0-2.fc30 (FEDORA-2020-c68458c879) Manage Pods, Containers and Container Images -------------------------------------------------------------------------------- Update Information:
bump to v1.8.0, Security fix for CVE-2020-8945 -------------------------------------------------------------------------------- ChangeLog:
* Sat Feb 8 2020 RH Container Bot rhcontainerbot@fedoraproject.org - 2:1.8.0-2 - bump to v1.8.0 - autobuilt 2ced909 - Resolves: #1795838, #1802903 - Security fix for CVE-2020-8945 * Thu Feb 6 2020 Lokesh Mandvekar lsm5@fedoraproject.org - 2:1.8.0-0.2 - bump crun dependency * Mon Feb 3 2020 Lokesh Mandvekar lsm5@fedoraproject.org - 2:1.8.0-0.1 - built v1.8.0-rc1 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1795838 - CVE-2020-8945 proglottis/gpgme: Use-after-free in GPGME bindings during container image pull https://bugzilla.redhat.com/show_bug.cgi?id=1795838 --------------------------------------------------------------------------------
================================================================================ python-html2text-2019.9.26-5.fc30 (FEDORA-2020-b8692ee463) Convert HTML to Markdown-formatted text -------------------------------------------------------------------------------- Update Information:
allow keeping python2-html2text in f30 -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 14 2020 David Kaufmann astra@ionic.at - 2019.9.26-5 - changelog date fix * Fri Feb 14 2020 David Kaufmann astra@ionic.at - 2019.9.26-4 - remove obsoletes of python2-html2text due to version mismatch * Thu Feb 13 2020 David Kaufmann astra@ionic.at - 2019.9.26-3 - allow keeping python2-html2text in f30 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1797164 - python3-html2text should not obsolete python2-html2text https://bugzilla.redhat.com/show_bug.cgi?id=1797164 [ 2 ] Bug #1797166 - rss2email requires python2-html2text, which is now obsoleted on F30 machines https://bugzilla.redhat.com/show_bug.cgi?id=1797166 --------------------------------------------------------------------------------
================================================================================ tucnak-4.20-2.fc30 (FEDORA-2020-03cc1abfaf) VHF contest logging program -------------------------------------------------------------------------------- Update Information:
This is new package, tucnak. -------------------------------------------------------------------------------- ChangeLog:
* Thu Feb 6 2020 Jaroslav ��karvada jskarvad@redhat.com - 4.20-2 - Variuos fixes according to the review * Wed Feb 5 2020 Jaroslav ��karvada jskarvad@redhat.com - 4.20-1 - New version * Tue Jan 28 2020 Jaroslav ��karvada jskarvad@redhat.com - 4.19-1 - New version - Fixed according to the review * Fri Jan 3 2020 Jaroslav ��karvada jskarvad@redhat.com - 4.18-1 - Initial version -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1787619 - Review Request: tucnak - VHF contest logging program https://bugzilla.redhat.com/show_bug.cgi?id=1787619 --------------------------------------------------------------------------------
================================================================================ unittest-cpp-2.0.0-9.fc30 (FEDORA-2020-bbac82a6fa) Lightweight unit testing framework for C++ -------------------------------------------------------------------------------- Update Information:
- Update to 2.0.0 release -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 14 2020 Leigh Scott leigh123linux@gmail.com - 2.0.0-9 - Update to 2.0.0 release * Fri Jan 31 2020 Fedora Release Engineering releng@fedoraproject.org - 2.0.0-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Sat Jul 27 2019 Fedora Release Engineering releng@fedoraproject.org - 2.0.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1802971 - RFE: Add epel8 branch https://bugzilla.redhat.com/show_bug.cgi?id=1802971 --------------------------------------------------------------------------------
================================================================================ webkit2gtk3-2.26.4-1.fc30 (FEDORA-2020-4d11d35a1f) GTK Web content engine library -------------------------------------------------------------------------------- Update Information:
* Always use a light theme for rendering form controls. * Fix several crashes and rendering issues. * Security fixes: CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867, CVE-2020-3868 -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 14 2020 Michael Catanzaro mcatanzaro@redhat.com - 2.26.4-1 - Update to 2.26.4 - Add GPG verification of tarball --------------------------------------------------------------------------------
================================================================================ x2goclient-4.1.2.2-1.fc30 (FEDORA-2020-d532474f76) X2Go Client application -------------------------------------------------------------------------------- Update Information:
Update to 4.1.2.2 --- o more client-broker interaction (new events sent to the broker side) o crash fix for the automount feature o automatic UNIX helper bypass when starting X2Go Client with command line parameters that will let it (almost) immediately exit. No more killing of subprocesses when running x2goclient --help, yay! o fix sftp-server location scanning for Gentoo 17.1 profiles without a compat symlink o accept direct IPv6 addresses in proxy fields. Previously such input was parsed as "host:port:" and failed miserably. o make internal scp calls compatible with newer libssh versions and those with fixes for CVE-2019-14889 backported. This has the drawback that we can't scp files into other user's home directories easily any longer, but libssh will keep interpreting the path literally so there's nothing sensible we could do about this (other than looking up home directories in a complicated manner via other tools). Since we don't need to do this (currently), just live with that limitation. o fix an image corruption bug (seen upon resizing etc.) in custom SVGFrame widgets o disable PulseAudio autospawning in X2Go config file, thanks to Ville Salmela. Less spam in system logs for disconnected sessions! o in the Qt5 code path, actually search for "sftp-server", not "sftp-binary". Oops. o updated translations o updated copyright notices o now requires pkgconfig as a build dependency o add sftp-server binary path support for the default NixOS location o renamed shadow session type label to "X2Go/X11 Desktop Sharing" o document --broker- name in man page o rename XFreeRDP radio button labels to more accurate pre-2.0 and post-2.0 versions o new Czech translation thanks to Tom Ruzicka o correctly close channels on failures during checkLogin () thanks to Ulrich Sibiller o specifying an exclamation character ("!") at the start of host specifications will make X2Go Client skip login/interaction checks completely thanks to Ulrich Sibiller. "!" was chosen because it is not a valid DNS or alias name part. Can be used for both proxies and host endpoints. -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 14 2020 Orion Poplawski orion@nwra.com - 4.1.2.2-1 - Update to 4.1.2.2 * Fri Jan 31 2020 Fedora Release Engineering releng@fedoraproject.org - 4.1.2.1-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild * Fri Dec 13 2019 Orion Poplawski orion@nwra.com - 4.1.2.1-5 - Select X11 backend on wayland (bz#1756430) * Fri Aug 16 2019 Orion Poplawski orion@nwra.com - 4.1.2.1-4 - Add patch to support newer libssh - Build with Qt5 on RHEL8 * Sat Jul 27 2019 Fedora Release Engineering releng@fedoraproject.org - 4.1.2.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild --------------------------------------------------------------------------------