The following Fedora 28 Security updates need testing:
Age URL
271
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb
jgraphx-3.6.0.0-6.fc28
220
https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da
nodejs-brace-expansion-1.1.11-1.fc28
219
https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a
nodejs-atob-2.1.1-1.fc28
212
https://bodhi.fedoraproject.org/updates/FEDORA-2018-9dd3f7c013
unrtf-0.21.9-8.fc28
180
https://bodhi.fedoraproject.org/updates/FEDORA-2018-28e9841baf
docker-latest-1.13.1-37.git9cb56fd.fc28
95
https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc4b7af297
xerces-c27-2.7.0-28.fc28
52
https://bodhi.fedoraproject.org/updates/FEDORA-2018-aadd3c2790
mupdf-1.14.0-6.fc28
47
https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28
47
https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa3752ac3c
nginx-1.14.1-1.fc28
37
https://bodhi.fedoraproject.org/updates/FEDORA-2018-70fe6a4d75
nagios-4.4.2-3.fc28
33
https://bodhi.fedoraproject.org/updates/FEDORA-2018-dbcb80405c
nbdkit-1.4.4-1.fc28
26
https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc86ef9e22 squid-4.4-1.fc28
23
https://bodhi.fedoraproject.org/updates/FEDORA-2018-2abadd4469
haproxy-1.8.15-1.fc28
23
https://bodhi.fedoraproject.org/updates/FEDORA-2018-b18f9dd65b
tomcat-8.5.35-1.fc28
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-e4732930df beep-1.3-26.fc28
8
https://bodhi.fedoraproject.org/updates/FEDORA-2018-36320c03cd
electron-cash-3.3.4-1.fc28
6
https://bodhi.fedoraproject.org/updates/FEDORA-2019-4dc2ccb142
electrum-3.2.4-1.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-944ff52ce6
php-horde-Horde-Image-2.5.4-1.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-24dc022a51
gnutls-3.6.5-1.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-d1b5cf0055 wget-1.20.1-1.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-8deebad756
perl-Email-Address-1.912-1.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-c424e3bb72
golang-1.10.7-1.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-8f8cadd5ff
thunderbird-60.4.0-1.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-348547a32d
chromium-71.0.3578.98-1.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-01afc2352f
mingw-nettle-3.4.1-1.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-541a12b809
python3-3.6.8-1.fc28 python3-docs-3.6.8-1.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-ac7e19b0c8
krb5-1.16.1-24.fc28
The following Fedora 28 Critical Path updates have yet to be approved:
Age URL
47
https://bodhi.fedoraproject.org/updates/FEDORA-2018-997a9e3e1f xen-4.10.2-4.fc28
40
https://bodhi.fedoraproject.org/updates/FEDORA-2018-3222e7c914 radvd-2.17-11.fc28
37
https://bodhi.fedoraproject.org/updates/FEDORA-2018-c86898e4a7 gdb-8.1.1-4.fc28
35
https://bodhi.fedoraproject.org/updates/FEDORA-2018-12c54ca4bf gjs-1.52.5-1.fc28
26
https://bodhi.fedoraproject.org/updates/FEDORA-2018-9f541b469b
nfs-utils-2.3.3-1.rc2.fc28
25
https://bodhi.fedoraproject.org/updates/FEDORA-2018-9963fc558e efivar-37-1.fc28
22
https://bodhi.fedoraproject.org/updates/FEDORA-2018-816dbc3486
osinfo-db-20181214-1.fc28
17
https://bodhi.fedoraproject.org/updates/FEDORA-2018-4dddcb3e5e
highlight-3.48-1.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-24dc022a51
gnutls-3.6.5-1.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-6ae95964c0 rsync-3.1.3-4.fc28
4
https://bodhi.fedoraproject.org/updates/FEDORA-2019-4a2458eb49
hwdata-0.319-1.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-541a12b809
python3-3.6.8-1.fc28 python3-docs-3.6.8-1.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-8f8cadd5ff
thunderbird-60.4.0-1.fc28
3
https://bodhi.fedoraproject.org/updates/FEDORA-2019-af22d27d88
libical-3.0.4-1.fc28
2
https://bodhi.fedoraproject.org/updates/FEDORA-2019-ac7e19b0c8
krb5-1.16.1-24.fc28
1
https://bodhi.fedoraproject.org/updates/FEDORA-2019-729922a177
analitza-18.04.3-3.fc28 appmenu-qt5-0.3.0+16.10.20160628.1-11.fc28 calibre-3.34.0-2.fc28
dnscrypt-proxy-gui-1.21.16-2.fc28 fcitx-qt5-1.2.3-4.fc28 gammaray-2.9.0-5.fc28
gsettings-qt-0-0.11.20170715bzr83.fc28.3 hedgewars-0.9.24.1-4.fc28
kf5-akonadi-server-18.08.3-2.fc28 kf5-frameworkintegration-5.53.0-3.fc28
kf5-kdeclarative-5.53.0-3.fc28 kf5-kwayland-5.53.0-3.fc28 kf5-kxmlgui-5.53.0-3.fc28
kwin-5.13.5-2.fc28 libfm-qt-0.11.2-13.fc28 libqtxdg-2.0.0-14.fc28
lxqt-qtplugin-0.11.1-13.fc28 mscore-2.2.1-6.fc28 plasma-integration-5.13.5-2.fc28
pyotherside-1.5.3-14.fc28 python-qt5-5.10.1-5.fc28 pythonqt-3.2-11.fc28
qgnomeplatform-0.5-6.fc28 qstardict-1.3-5.fc28 qt-creator-4.6.2-3.fc28 qt5-5.11.3-1.fc28
qt5-qt3d-5.11.3-1.fc28 qt5-qtbase-5.11.3-1.fc28 qt5-qtcanvas3d-5.11.3-1.fc28
qt5-qtcharts-5.11.3-1.fc28 qt5-qtconnectivity-5.11.3-1.fc28 qt5-qtdatavis3d-5.11.3-1.fc28
qt5-qtdeclarative-5.11.3-1.fc28 qt5-qtdoc-5.11.3-1.fc28 qt5
-qtenginio-1.6.2-20.fc28 qt5-qtgamepad-5.11.3-1.fc28 qt5-qtgraphicaleffects-5.11.3-1.fc28
qt5-qtimageformats-5.11.3-1.fc28 qt5-qtlocation-5.11.3-1.fc28
qt5-qtmultimedia-5.11.3-1.fc28 qt5-qtquickcontrols-5.11.3-1.fc28
qt5-qtquickcontrols2-5.11.3-1.fc28 qt5-qtremoteobjects-5.11.3-1.fc28
qt5-qtscript-5.11.3-1.fc28 qt5-qtscxml-5.11.3-1.fc28 qt5-qtsensors-5.11.3-1.fc28
qt5-qtserialbus-5.11.3-1.fc28 qt5-qtserialport-5.11.3-1.fc28 qt5-qtspeech-5.11.3-1.fc28
qt5-qtstyleplugins-5.0.0-29.fc28 qt5-qtsvg-5.11.3-1.fc28 qt5-qttools-5.11.3-1.fc28
qt5-qttranslations-5.11.3-1.fc28 qt5-qtvirtualkeyboard-5.11.3-1.fc28
qt5-qtwayland-5.11.3-1.fc28 qt5-qtwebchannel-5.11.3-1.fc28 qt5-qtwebengine-5.11.3-2.fc28
qt5-qtwebkit-5.212.0-0.31.alpha2.fc28 qt5-qtwebsockets-5.11.3-1.fc28
qt5-qtwebview-5.11.3-1.fc28 qt5-qtx11extras-5.11.3-1.fc28 qt5-qtxmlpatterns-5.11.3-1.fc28
qt5ct-0.35-3.fc28 qtcurve-1.9.1-2.fc28 skrooge-2.14.0-3.fc28 texmaker-5.0.2-7.fc28
ugene-1.31.0-4.fc28 xdg-desktop-portal-kde-5.13.5-3.fc28 ya
rock-1.3.1-3.fc28
The following builds have been pushed to Fedora 28 updates-testing
cacti-1.2.0-2.fc28
cacti-spine-1.2.0-2.fc28
copyq-3.7.2-1.fc28
fotoxx-19.0-1.fc28
incron-0.5.12-9.fc28
json-3.5.0-1.fc28
libmateweather-1.20.2-1.fc28
libreport-2.9.5-3.fc28
libsodium-1.0.17-1.fc28
libwebsockets-3.0.1-2.fc28
mingw-uriparser-0.9.1-1.fc28
mosquitto-1.5.5-2.fc28
phan-1.2.0-1.fc28
php-cs-fixer-2.14.0-1.fc28
php-horde-Horde-Form-2.0.19-1.fc28
php-horde-imp-6.2.23-1.fc28
php-horde-kronolith-4.2.26-1.fc28
php-symfony3-3.4.21-1.fc28
printrun-2.0.0-0.8.rc5.fc28
purple-facebook-0.9.5-13.9ff9acf9fa14.fc28
python-django-2.0.10-1.fc28
python-moksha-hub-1.5.14-1.fc28
python-tvb-gdist-1.5.6-3.fc28
syncthing-1.0.0-1.fc28
tor-0.3.4.10-1.fc28
uriparser-0.9.1-1.fc28
wireshark-2.6.5-2.fc28
Details about builds:
================================================================================
cacti-1.2.0-2.fc28 (FEDORA-2019-fd19dc0edb)
An rrd based graphing tool
--------------------------------------------------------------------------------
Update Information:
- Update to 1.2.0 Release notes:
https://www.cacti.net/release_notes.php?version=1.2.0
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 6 2019 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.0-2
- Spec file improvements
- Updated PHP libs/extensions
* Thu Jan 3 2019 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.0-1
- Update to 1.2.0
- Provide nginx support
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1581555 - 1.1.38 - ERROR PHP WARNING: sizeof(): Parameter must be an array or
an object that implements Countable in file: /usr/share/cacti/lib/utility.php
https://bugzilla.redhat.com/show_bug.cgi?id=1581555
--------------------------------------------------------------------------------
================================================================================
cacti-spine-1.2.0-2.fc28 (FEDORA-2019-fd19dc0edb)
Threaded poller for Cacti written in C
--------------------------------------------------------------------------------
Update Information:
- Update to 1.2.0 Release notes:
https://www.cacti.net/release_notes.php?version=1.2.0
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 6 2019 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.0-2
- Use spine.conf as default
* Thu Jan 3 2019 Morten Stevens <mstevens(a)fedoraproject.org> - 1.2.0-1
- Update to 1.2.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1581555 - 1.1.38 - ERROR PHP WARNING: sizeof(): Parameter must be an array or
an object that implements Countable in file: /usr/share/cacti/lib/utility.php
https://bugzilla.redhat.com/show_bug.cgi?id=1581555
--------------------------------------------------------------------------------
================================================================================
copyq-3.7.2-1.fc28 (FEDORA-2019-5da221b6ee)
Advanced clipboard manager
--------------------------------------------------------------------------------
Update Information:
Upstream release rhbz#1662682
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 31 2018 Gerald Cox <gbcox(a)fedoraproject.org> - 3.7.2-1
- Upstream release rhbz#1662682
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1662682 - CopyQ - Upstream release v3.7.2
https://bugzilla.redhat.com/show_bug.cgi?id=1662682
--------------------------------------------------------------------------------
================================================================================
fotoxx-19.0-1.fc28 (FEDORA-2019-69d1ad90ba)
Photo editor
--------------------------------------------------------------------------------
Update Information:
19.0
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 7 2019 Gwyn Ciesla <limburgher(a)gmail.com> - 19.0-1
- 19.0
--------------------------------------------------------------------------------
================================================================================
incron-0.5.12-9.fc28 (FEDORA-2019-75bfa8d4a2)
Inotify cron system
--------------------------------------------------------------------------------
Update Information:
Add fix the zombie / defunct processes.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 5 2019 Kevin Fenzi <kevin(a)scrye.com> - 0.5.12-9
- Add patch to prevent zombies from upstream post release commits. Fixes bug #1656939
* Tue Jul 17 2018 Kevin Fenzi <kevin(a)scrye.com> - 0.5.12-8
- Fix FTBFS by adding BuildRequires: gcc-c++
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.5.12-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1656939 - Incron causes defunct processes
https://bugzilla.redhat.com/show_bug.cgi?id=1656939
--------------------------------------------------------------------------------
================================================================================
json-3.5.0-1.fc28 (FEDORA-2019-a475b8b890)
JSON for Modern C++
--------------------------------------------------------------------------------
Update Information:
New Features ====================== * Structured bindings are now supported for
JSON objects and arrays via the items() member function, so finally this code is
possible: ```c++ for (auto& [key, val] : j.items()) { std::cout <<
key << ':' << val << '\n'; } ``` * Added support
for reading from FILE* to
support situations in which streams are nit available or would require too much
RAM. #1370 #1392 Bug Fixes =================== * The eofbit was not set for
input streams when the end of a stream was reached while parsing. #1340 #1343 *
Fixed a bug in the SAX parser for BSON arrays. Improvements
====================== * Added support for Clang 5.0.1 (PS4 version). #1341
#1342 Further Changes ========================== * Added a warning for implicit
conversions to the documentation: It is not recommended to use implicit
conversions when reading from a JSON value. Details about this recommendation
can be found here. #1363 * Fixed typos in the documentation. #1329 #1380 #1382
* Fixed a C4800 warning. #1364 * Fixed a -Wshadow warning #1346 * Wrapped
std::snprintf calls to avoid error in MSVC. #1337 * Added code to allow
installation via Meson. #1345 Deprecated functions ===========================
This release does not deprecate any functions. As an overview, the following
functions have been deprecated in earlier versions and will be removed in the
next major version (i.e., 4.0.0): * Function iterator_wrapper are deprecated.
Please use the member function items() instead. * Functions `friend
std::istream& operator<<(basic_json&, std::istream&)` and `friend
std::ostream&
operator>>(const basic_json&, std::ostream&)` are deprecated. Please use
friend
`std::istream& operator>>(std::istream&, basic_json&)` and `friend
operator<<(std::ostream&, const basic_json&)` instead.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 7 2019 Vitaly Zaitsev <vitaly(a)easycoding.org> - 3.5.0-1
- Updated to version 3.5.0.
--------------------------------------------------------------------------------
================================================================================
libmateweather-1.20.2-1.fc28 (FEDORA-2019-348975e99f)
Libraries to allow MATE Desktop to display weather information
--------------------------------------------------------------------------------
Update Information:
- update to 1.20.2 - re-work build requires
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 7 2019 Wolfgang Ulbrich <fedora(a)raveit.de> - 1.20.2-1
- update to 1.20.2 release
- update build requires
--------------------------------------------------------------------------------
================================================================================
libreport-2.9.5-3.fc28 (FEDORA-2019-7b2fd2d414)
Generic library for reporting various problems
--------------------------------------------------------------------------------
Update Information:
- Use new `minor_update` flag to update Bugzillas to limit number of e-mail
notifications.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 7 2019 Martin Kutlak <mkutlak(a)redhat.com> 2.9.5-3
- Add BuildRequires for git to apply the patches
* Mon Jan 7 2019 Martin Kutlak <mkutlak(a)redhat.com> 2.9.5-2
- lib: Seek beginning of mountinfo file
- rhbz: Replace nomail flag with minor_update
--------------------------------------------------------------------------------
================================================================================
libsodium-1.0.17-1.fc28 (FEDORA-2019-88e3a605f7)
The Sodium crypto library
--------------------------------------------------------------------------------
Update Information:
** Version 1.0.17** - Bug fix: `sodium_pad()` didn't properly support block
sizes >= 256 bytes. - JS/WebAssembly: some old iOS versions can't instantiate
the WebAssembly module; fall back to Javascript on these. - JS/WebAssembly:
compatibility with newer Emscripten versions. - Bug fix:
`crypto_pwhash_scryptsalsa208sha256_str_verify()` and
`crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()` didn't return `EINVAL`
on input strings with a short length, unlike their high-level counterpart. -
Added a workaround for Visual Studio 2010 bug causing CPU features not to be
detected. - Portability improvements. - Test vectors from Project Wycheproof
have been added. - New low-level APIs for arithmetic mod the order of the prime
order group: `crypto_core_ed25519_scalar_random()`,
`crypto_core_ed25519_scalar_reduce()`, `crypto_core_ed25519_scalar_invert()`,
`crypto_core_ed25519_scalar_negate()`,
`crypto_core_ed25519_scalar_complement()`, `crypto_core_ed25519_scalar_add()`
and `crypto_core_ed25519_scalar_sub()`. - New low-level APIs for scalar
multiplication without clamping: `crypto_scalarmult_ed25519_base_noclamp()` and
`crypto_scalarmult_ed25519_noclamp()`. These new APIs are especially useful for
blinding. - `sodium_sub()` has been implemented. - Support for WatchOS has
been added. - getrandom(2) is now used on FreeBSD 12+. - The `nonnull`
attribute has been added to all relevant prototypes. - More reliable AVX512
detection. - Javascript/Webassembly builds now use dynamic memory growth.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 7 2019 Remi Collet <remi(a)remirepo.net> - 1.0.17-1
- update to 1.0.17
--------------------------------------------------------------------------------
================================================================================
libwebsockets-3.0.1-2.fc28 (FEDORA-2019-e57a344074)
A lightweight C library for Websockets
--------------------------------------------------------------------------------
Update Information:
Rebuild for libwebsockets 3.x ---- Update to latest upstream release 3.0.1
(rhbz#1604687)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 7 2019 Peter Robinson <pbrobinson(a)fedoraproject.org> 3.0.1-2
- Add libuv-devel Requires to devel package
* Tue Dec 18 2018 Fabian Affolter <mail(a)fabian-affolter.ch> - 3.0.1-1
- Update to latest upstream release 3.0.1 (rhbz#1604687)
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon May 7 2018 Fabian Affolter <mail(a)fabian-affolter.ch> - 3.0.0-1
- Update to latest upstream release 3.0.0 (rhbz#1575605)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1604687 - libwebsockets: FTBFS in Fedora rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1604687
--------------------------------------------------------------------------------
================================================================================
mingw-uriparser-0.9.1-1.fc28 (FEDORA-2019-776855b285)
MinGW Windows uriparser library
--------------------------------------------------------------------------------
Update Information:
Update to uriparser-0.9.1, see
https://raw.githubusercontent.com/uriparser/uriparser/uriparser-0.9.1/Cha...
for details.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 7 2019 Sandro Mani <manisandro(a)gmail.com> - 0.9.1-1
- Update to 0.9.1
--------------------------------------------------------------------------------
================================================================================
mosquitto-1.5.5-2.fc28 (FEDORA-2019-e57a344074)
An Open Source MQTT v3.1/v3.1.1 Broker
--------------------------------------------------------------------------------
Update Information:
Rebuild for libwebsockets 3.x ---- Update to latest upstream release 3.0.1
(rhbz#1604687)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 7 2019 Peter Robinson <pbrobinson(a)fedoraproject.org> 1.5.5-2
- Rebuild for libwebsockets 3.x
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1604687 - libwebsockets: FTBFS in Fedora rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1604687
--------------------------------------------------------------------------------
================================================================================
phan-1.2.0-1.fc28 (FEDORA-2019-d6ff22e1c7)
A static analyzer for PHP
--------------------------------------------------------------------------------
Update Information:
05 Jan 2019, **Phan 1.2.0** **New features(Analysis):** + Infer match keys of
`$matches` for a wider range of regexes (e.g. non-capturing groups, named
subgroups) (#2294) + Improve detection of invalid arguments in code implicitly
calling `__invoke`. + Support extracting template types from more forms of
`callable` types. (#2264) + Support `@phan-assert`, `@phan-assert-true-
condition`, and `@phan-assert-false-condition`. Examples of side effects when
this annotation is used on a function/method declaration: - `@phan-assert int
$x` will assert that the argument to the parameter `$x` is of type `int`. -
`@phan-assert !false $x` will assert that the argument to the parameter `$x` is
not false. - `@phan-assert !\Traversable $x` will assert that the argument to
the parameter `$x` is not `Traversable` (or a subclass) - `@phan-assert-true-
condition $x` will make Phan infer that the argument to parameter `$x` is truthy
if the function returned successfully. - `@phan-assert-false-condition $x`
will make Phan infer that the argument to parameter `$x` is falsey if the
function returned successfully. - This can be used in combination with Phan's
template support. See [tests/plugin_test/src/072_custom_assertions.php](tests
/plugin_test/src/072_custom_assertions.php) for example uses of these
annotations. + Suggest typo fixes when emitting `PhanUnusedVariable`, if only
one definition was seen. (#2281) + Infer that `new $x` is of the template type
`T` if `$x` is `class-string<T>` (#2257) **Plugins:** - Add
`PHPUnitAssertionPlugin`. This plugin will make Phan infer side effects from
some of the uses of the helper methods PHPUnit provides within test cases. -
Infer that a condition is truthy from `assertTrue()` and `assertNotFalse()`
(e.g. `assertTrue($x instanceof MyClass)`) - Infer that a condition is
null/not null from `assertNull()` and `assertNotNull()` - Infer class type of
`$actual` from `assertInstanceOf(MyClass::class, $actual)` - Infer that
`$actual` has the exact type of `$expected` after calling `assertSame($expected,
$actual)` - Other methods aren't supported yet. **Bug fixes:** - Infer that
some internal classes' properties (such as `\Exception->message`) are protected
(#2283) - Fix a crash running Phan without php-ast when no files were parsed
(#2287) ---- 30 Dec 2018, **Phan 1.1.10** **New features(Analysis):** + Add
suggestions if to `PhanUndeclaredConstant` issue messages about undeclared
global constants, if possible. (#2240) Suggestions include other global
constants, variables, class constants, properties, and function names. + Warn
about `continue` and `break` with no matching loop/switch scope. (#1869) New
issue types: `PhanContinueOrBreakTooManyLevels`, `PhanContinueOrBreakNotInLoop`
+ Warn about `continue` statements targeting `switch` control structures (doing
the same thing as a `break`) (#1869) New issue types:
`PhanContinueTargetingSwitch` + Support inferring template types from array
keys. int/string/mixed can be inferred from `array<TKey,\someType>` when
`@template TKey` is in the class/function-like scope. + Phan can now infer
template types from even more categories of parameter types in constructors and
regular functions/methods. (#522) - infer `T` from `Closure(T):\OtherClass`
and `callable(T):\OtherClass` - infer `T` from `array{keyName:T}` - infer
`TKey` from `array<TKey,\OtherClass>` (as int, string, or mixed) **Bug fixes:**
+ Refactor the way `@template` annotations are parsed on classes and function-
likes to avoid various edge cases (#2253) + Fix a bug causing Phan to fail to
analyze closures/uses of closures when used inline (e.g. in function calls)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 6 2019 Remi Collet <remi(a)remirepo.net> - 1.2.0-1
- update to 1.2.0
* Mon Dec 31 2018 Remi Collet <remi(a)remirepo.net> - 1.1.10-1
- update to 1.1.10
--------------------------------------------------------------------------------
================================================================================
php-cs-fixer-2.14.0-1.fc28 (FEDORA-2019-8d2d3a7bd3)
A tool to automatically fix PHP code style
--------------------------------------------------------------------------------
Update Information:
Changelog for v2.14.0 --------------------- * bug #4220
NativeFunctionInvocationFixer - namespaced strict to remove backslash
(kubawerlos) * feature #3881 Add PhpdocVarAnnotationCorrectOrderFixer
(kubawerlos) * feature #3915 Add HeredocIndentationFixer (gharlan) * feature
#4002 NoSuperfluousPhpdocTagsFixer - Allow `mixed` in superfluous PHPDoc by
configuration (MortalFlesh) * feature #4030 Add get_required_files and
user_error aliases (ntzm) * feature #4043 NativeFunctionInvocationFixer - add
option to remove redundant backslashes (kubawerlos) * feature #4102 Add
NoUnsetCastFixer (SpacePossum) * minor #4025 Add phpdoc_types_order rule to
Symfony's ruleset (carusogabriel) * minor #4213 [7.3] PHP7.3 integration tests
(SpacePossum) * minor #4233 Add official support for PHP 7.3 (keradus) ----
Changelog for v2.13.3 --------------------- * bug #4216 Psr4Fixer - fix for
multiple classy elements in file (keradus, kubawerlos) * bug #4217 Psr0Fixer -
class with anonymous class (kubawerlos) * bug #4219 NativeFunctionCasingFixer -
handle T_RETURN_REF (kubawerlos) * bug #4224 FunctionToConstantFixer - handle
T_RETURN_REF (SpacePossum) * bug #4229 IsNullFixer - fix parenthesis not closed
(guilliamxavier) * minor #4193 [7.3] CombineNestedDirnameFixer - support PHP 7.3
(kubawerlos) * minor #4198 [7.3] PowToExponentiationFixer - adding to PHP7.3
integration test (kubawerlos) * minor #4199 [7.3] MethodChainingIndentationFixer
- add tests for PHP 7.3 (kubawerlos) * minor #4200 [7.3]
ModernizeTypesCastingFixer - support PHP 7.3 (kubawerlos) * minor #4201 [7.3]
MultilineWhitespaceBeforeSemicolonsFixer - add tests for PHP 7.3 (kubawerlos) *
minor #4202 [7.3] ErrorSuppressionFixer - support PHP 7.3 (kubawerlos) * minor
#4205 DX: PhpdocAlignFixer - refactor to use DocBlock (kubawerlos) * minor #4206
DX: enable multiline_whitespace_before_semicolons (keradus) * minor #4207 [7.3]
RandomApiMigrationFixerTest - tests for 7.3 (SpacePossum) * minor #4208 [7.3]
NativeFunctionCasingFixerTest - tests for 7.3 (SpacePossum) * minor #4209 [7.3]
PhpUnitStrictFixerTest - tests for 7.3 (SpacePossum) * minor #4210 [7.3]
PhpUnitConstructFixer - add test for PHP 7.3 (kubawerlos) * minor #4211 [7.3]
PhpUnitDedicateAssertFixer - support PHP 7.3 (kubawerlos) * minor #4214 [7.3]
NoUnsetOnPropertyFixerTest - tests for 7.3 (SpacePossum) * minor #4222 [7.3]
PhpUnitExpectationFixer - support PHP 7.3 (kubawerlos) * minor #4223 [7.3]
PhpUnitMockFixer - add tests for PHP 7.3 (kubawerlos) * minor #4230 [7.3]
IsNullFixer - fix trailing comma (guilliamxavier) * minor #4232 DX: remove
Utils::splitLines (kubawerlos) * minor #4234 [7.3] Test that "LITERAL instanceof
X" is valid (guilliamxavier) ---- Changelog for v2.13.2
--------------------- * bug #3968 SelfAccessorFixer - support FQCN (kubawerlos)
* bug #3974 Psr4Fixer - class with anonymous class (kubawerlos) * bug #3987 Run
HeaderCommentFixer after NoBlankLinesAfterPhpdocFixer (StanAngeloff) * bug #4009
TypeAlternationTransformer - Fix pipes in function call with constants being
classified incorrectly (ntzm, SpacePossum) * bug #4022 NoUnsetOnPropertyFixer -
refactor and bugfixes (kubawerlos) * bug #4036 ExplicitStringVariableFixer -
fixes for backticks and for 2 variables next to each other (kubawerlos,
Slamdunk) * bug #4038 CommentToPhpdocFixer - handling nested PHPDoc (kubawerlos)
* bug #4064 Ignore invalid mode strings, add option to remove the "b" flag.
(SpacePossum) * bug #4071 DX: do not insert Token when calling
removeLeadingWhitespace/removeTrailingWhitespace from Tokens (kubawerlos) * bug
#4073 IsNullFixer - fix function detection (kubawerlos) * bug #4074
FileFilterIterator - do not filter out files that need fixing (SpacePossum) *
bug #4076 EregToPregFixer - fix function detection (kubawerlos) * bug #4084
MethodChainingIndentation - fix priority with Braces (dmvdbrugge) * bug #4099
HeaderCommentFixer - throw exception on invalid header configuration
(SpacePossum) * bug #4100 PhpdocAddMissingParamAnnotationFixer - Handle variable
number of arguments and pass by reference cases (SpacePossum) * bug #4101
ReturnAssignmentFixer - do not touch invalid code (SpacePossum) * bug #4104
Change transformers order, fixing untransformed T_USE (dmvdbrugge) * bug #4107
Preg::split - fix for non-UTF8 subject (ostrolucky, kubawerlos) * bug #4109
NoBlankLines*: fix removing lines consisting only of spaces (kubawerlos,
keradus) * bug #4114 VisibilityRequiredFixer - don't remove comments
(kubawerlos) * bug #4116 OrderedImportsFixer - fix sorting without any grouping
(SpacePossum) * bug #4119 PhpUnitNoExpectationAnnotationFixer - fix extracting
content from annotation (kubawerlos) * bug #4127 LowercaseConstantsFixer - Fix
case with properties using constants as their name (srathbone) * bug #4134 [7.3]
SquareBraceTransformer - nested array destructuring not handled correctly
(SpacePossum) * bug #4153 PhpUnitFqcnAnnotationFixer - handle only PhpUnit
classes (kubawerlos) * bug #4169 DirConstantFixer - Fixes for PHP7.3 syntax
(SpacePossum) * bug #4181 MultilineCommentOpeningClosingFixer - fix handling
empty comment (kubawerlos) * bug #4186 Tokens - fix removal of leading/trailing
whitespace with empty token in collection (kubawerlos) * minor #3436 Add a
handful of integration tests (BackEndTea) * minor #3774
PhpUnitTestClassRequiresCoversFixer - Remove unneeded loop and use phpunit
indicator class (BackEndTea, SpacePossum) * minor #3778 DX: Throw an exception
if FileReader::read fails (ntzm) * minor #3916 New ruleset "@PhpCsFixer"
(gharlan) * minor #4007 Fixes cookbook for fixers (greeflas) * minor #4031
Correct FixerOptionBuilder::getOption return type (ntzm) * minor #4046 Token -
Added fast isset() path to token->equals() (staabm) * minor #4047 Token - inline
$other->getPrototype() to speedup equals() (staabm, keradus) * minor #4048
Tokens - inlined extractTokenKind() call on the hot path (staabm) * minor #4069
DX: Add dev-tools directory to gitattributes as export-ignore (alexmanno) *
minor #4070 Docs: Add link to a VS Code extension in readme (jakebathman) *
minor #4077 DX: cleanup - NoAliasFunctionsFixer - use FunctionsAnalyzer
(kubawerlos) * minor #4088 Add Travis test with strict types (kubawerlos) *
minor #4091 Adjust misleading sentence in CONTRIBUTING.md (ostrolucky) * minor
#4092 UseTransformer - simplify/optimize (SpacePossum) * minor #4095 DX: Use
::class (keradus) * minor #4096 DX: fixing typo (kubawerlos) * minor #4097 DX:
namespace casing (kubawerlos) * minor #4110 Enhancement: Update
localheinz/composer-normalize (localheinz) * minor #4115 Changes for upcoming
Travis' infra migration (sergeyklay) * minor #4122 DX: AppVeyor - Update
Composer download link (SpacePossum) * minor #4128 DX: cleanup -
AbstractFunctionReferenceFixer - use FunctionsAnalyzer (SpacePossum, kubawerlos)
* minor #4129 Fix: Symfony 4.2 deprecations (kubawerlos) * minor #4139 DX: Fix
CircleCI (kubawerlos) * minor #4142 [7.3] NoAliasFunctionsFixer -
mbregex_encoding' => 'mb_regex_encoding (SpacePossum) * minor #4143
PhpUnitTestCaseStaticMethodCallsFixer - Add PHPUnit 7.5 new assertions
(Slamdunk) * minor #4149 [7.3] ArgumentsAnalyzer - PHP7.3 support (SpacePossum)
* minor #4161 DX: CI - show packages installed via Composer (keradus) * minor
#4162 DX: Drop symfony/lts (keradus) * minor #4166 DX: do not use
AbstractFunctionReferenceFixer when no need to (kubawerlos) * minor #4168 DX:
FopenFlagsFixer - remove useless proxy method (SpacePossum) * minor #4171 Fix
CircleCI cache (kubawerlos) * minor #4173 [7.3] PowToExponentiationFixer - add
support for PHP7.3 (SpacePossum) * minor #4175 Fixing typo (kubawerlos) * minor
#4177 CI: Check that tag is matching version of PHP CS Fixer during deployment
(keradus) * minor #4180 Fixing typo (kubawerlos) * minor #4182 DX: update php-
cs-fixer file style (kubawerlos) * minor #4185 [7.3] ImplodeCallFixer - add
tests for PHP7.3 (kubawerlos) * minor #4187 [7.3] IsNullFixer - support PHP 7.3
(kubawerlos) * minor #4188 DX: cleanup (keradus) * minor #4189 Travis - add PHP
7.3 job (keradus) * minor #4190 Travis CI - fix config (kubawerlos) * minor
#4192 [7.3] MagicMethodCasingFixer - add tests for PHP 7.3 (kubawerlos) * minor
#4194 [7.3] NativeFunctionInvocationFixer - add tests for PHP 7.3 (kubawerlos) *
minor #4195 [7.3] SetTypeToCastFixer - support PHP 7.3 (kubawerlos) * minor
#4196 Update website (keradus) * minor #4197 [7.3] StrictParamFixer - support
PHP 7.3 (kubawerlos)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jan 5 2019 Remi Collet <remi(a)remirepo.net> - 2.14.0-1
- update to 2.14.0
* Wed Jan 2 2019 Remi Collet <remi(a)remirepo.net> - 2.13.2-1
- update to 2.13.2
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Form-2.0.19-1.fc28 (FEDORA-2019-fb2ce5f6d9)
Horde Form API
--------------------------------------------------------------------------------
Update Information:
**Horde_Form 2.0.19** * [mjr] SECURITY: Prevent RCE vulnerability due to
potential directory traversal in Image uploads (An independent security
researcher has reported this vulnerability to SecuriTeam Secure Disclosure
program).
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 7 2019 Remi Collet <remi(a)remirepo.net> - 2.0.19-1
- update to 2.0.19
- use range dependencies
--------------------------------------------------------------------------------
================================================================================
php-horde-imp-6.2.23-1.fc28 (FEDORA-2019-1320dc1797)
A web based webmail system
--------------------------------------------------------------------------------
Update Information:
**imp 6.2.23** * [mjr] Fix attachment handling in minimal mode (PR #3, Thorsten
Kahler). * [mjr] Fix regular expression error with PHP 7.3. * [mjr] Fix fatal
error when requested attachment not found in minimal mode.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 7 2019 Remi Collet <remi(a)remirepo.net> - 6.2.23-1
- update to 6.2.23
- use range dependencies
--------------------------------------------------------------------------------
================================================================================
php-horde-kronolith-4.2.26-1.fc28 (FEDORA-2019-779f2893e7)
A web based calendar
--------------------------------------------------------------------------------
Update Information:
**kronolith 4.2.26** * [mjr] Remove hard coded end date for calendar feed and
allow it to be specified in url.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 7 2019 Remi Collet <remi(a)remirepo.net> - 4.2.26-1
- update to 4.2.26
- use range dependencies
--------------------------------------------------------------------------------
================================================================================
php-symfony3-3.4.21-1.fc28 (FEDORA-2019-16f5236a9c)
Symfony PHP framework (version 3)
--------------------------------------------------------------------------------
Update Information:
**Version 3.4.21** (2019-01-06) * bug #29494 [HttpFoundation] Fix request uri
when it starts with double slashes (alquerci) * bug #29679 [HttpKernel]
Correctly Render Signed URIs Containing Fragments (zanbaldwin) * bug #29754
Ensure final input of CommandTester works with default (Firehed) * bug #29695
[Form] Do not ignore the choice groups for caching (vudaltsov) * bug #29738
[Intl] handle null date and time types (xabbuh) * bug #29704 [FrameworkBundle]
improve errors in tests missing the BrowserKit component (xabbuh) * bug #29617
[Console] Add specific replacement for help text in single command applications
(codedmonkey) * bug #29714 [Event Dispatcher] fixed 29703:
TraceableEventDispatcher reset() callStack to null (mlievertz) * bug #29597
[DI] fix reporting bindings on overriden services as unused (nicolas-grekas) *
bug #29639 [Yaml] detect circular references (xabbuh) * bug #29411
[EventDispatcher] Revers event tracing order (ro0NL) * bug #29533 Fixed public
directory when configured in composer.json (alexander-schranz) * bug #29619
[Console] OutputFormatter: move strtolower to createStyleFromString (ogizanagi)
* bug #29621 [Security] Prefer clone() over unserialize(serialize()) for user
refreshment (chalasr) * bug #29587 [Debug] ignore underscore vs backslash
namespaces in DebugClassLoader (nicolas-grekas) * bug #29584 [FrameworkBundle]
fix describing routes with no controllers (nicolas-grekas) * bug #29582 [DI]
move RegisterServiceSubscribersPass before DecoratorServicePass (kbond) * bug
#29527 [TwigBridge][Form] Prevent multiple rendering of form collection
prototypes (Shoplifter) * bug #29571 [Yaml] ensures that the
mb_internal_encoding is reset to its initial value (J��rn Lang) * bug #29513
[Hackday][Serializer] Deserialization ignores argument type hint from phpdoc for
array in constructor argument (karser) * bug #29323 [Security] defer log
message in guard authenticator (eschultz-magix) * bug #29531 [Validator] Added
IBAN format for Vatican City State (raulfraile) * bug #29307 [Form] Filter
arrays out of scalar form types (nicolas-grekas) * bug #29500 [Form] filter out
invalid Intl values (xabbuh) * bug #29499 [Validator] Fixed grouped composite
constraints (HeahDude)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 7 2019 Remi Collet <remi(a)remirepo.net> - 3.4.21-1
- update to 3.4.21
--------------------------------------------------------------------------------
================================================================================
printrun-2.0.0-0.8.rc5.fc28 (FEDORA-2019-5f47a5fd28)
RepRap printer interface and tools
--------------------------------------------------------------------------------
Update Information:
Fix handling filename command line argument
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 7 2019 Miro Hron��ok <mhroncok(a)redhat.com>
- Fix Python 3 compatibility when handling filename command line argument (#1654399)
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> -
1:2.0.0-0.7.rc5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jun 19 2018 Miro Hron��ok <mhroncok(a)redhat.com> - 1:2.0.0-0.6.rc5
- Rebuilt for Python 3.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1654399 - [abrt] pronterface: process_cmdline_arguments():
pronsole.py:746:process_cmdline_arguments:AttributeError: 'str' object has no
attribute 'decode'
https://bugzilla.redhat.com/show_bug.cgi?id=1654399
--------------------------------------------------------------------------------
================================================================================
purple-facebook-0.9.5-13.9ff9acf9fa14.fc28 (FEDORA-2019-713edad58a)
Facebook protocol plugin for purple2
--------------------------------------------------------------------------------
Update Information:
- Add patch from upstream fixing 'Failed to get sync_sequence_id' - Add patch to
check and link zlib
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 7 2019 Bj��rn Esser <besser82(a)fedoraproject.org> - 0.9.5-13.9ff9acf9fa14
- Add patch to check and link zlib
* Mon Jan 7 2019 Bj��rn Esser <besser82(a)fedoraproject.org> - 0.9.5-12.9ff9acf9fa14
- Add patch from upstream fixing 'Failed to get sync_sequence_id' (#1663599)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1663599 - Stop working with the error: Failed to get sync_sequence_id
https://bugzilla.redhat.com/show_bug.cgi?id=1663599
--------------------------------------------------------------------------------
================================================================================
python-django-2.0.10-1.fc28 (FEDORA-2019-e6ca5847c7)
A high-level Python Web framework
--------------------------------------------------------------------------------
Update Information:
fix CVE-2019-3498 python-django: Content spoofing via URL path in
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 7 2019 Matthias Runge <mrunge(a)redhat.com> - 2.0.10-1
- fix CVE-2019-3498 python-django: Content spoofing via URL path in
default 404 page (rhbz#1663723)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1663723 - CVE-2019-3498 python-django: Content spoofing via URL path in
default 404 page [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1663723
--------------------------------------------------------------------------------
================================================================================
python-moksha-hub-1.5.14-1.fc28 (FEDORA-2019-1d86eca7f8)
Hub components for Moksha
--------------------------------------------------------------------------------
Update Information:
Add support for stomp over TLS with SNI
https://github.com/mokshaproject/moksha/pull/66
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 7 2019 Ralph Bean <rbean(a)redhat.com> - 1.5.14-1
- new version
* Mon Sep 24 2018 Ralph Bean <rbean(a)redhat.com> - 1.5.13-2.0.1cb025525
- Apply experimental upstream patch for stomp heartbeat handling
https://github.com/mokshaproject/moksha/pull/65
--------------------------------------------------------------------------------
================================================================================
python-tvb-gdist-1.5.6-3.fc28 (FEDORA-2019-a387a35b7c)
Cython interface to geodesic
--------------------------------------------------------------------------------
Update Information:
New package!
https://github.com/the-virtual-brain/tvb-geodesic
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1662544 - Review Request: python-tvb-gdist - Cython interface to geodesic
https://bugzilla.redhat.com/show_bug.cgi?id=1662544
--------------------------------------------------------------------------------
================================================================================
syncthing-1.0.0-1.fc28 (FEDORA-2019-ef3fc57be3)
Continuous File Synchronization
--------------------------------------------------------------------------------
Update Information:
Update to version 1.0.0. It was originally planned to release this version as
0.14.55, but the upstream project decided to finally let this release reflect
the "stable" status of the project - after about five years of development.
Release notes:
https://github.com/syncthing/syncthing/releases/tag/v1.0.0
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 7 2019 Fabio Valentini <decathorpe(a)gmail.com> - 1.0.0-1
- Update to version 1.0.0.
--------------------------------------------------------------------------------
================================================================================
tor-0.3.4.10-1.fc28 (FEDORA-2019-cb776a25ba)
Anonymizing overlay network for TCP
--------------------------------------------------------------------------------
Update Information:
update to latest upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 7 2019 Marcel H��rry <mh+fedora(a)scrit.ch> - 0.3.4.10-1
- update to latest upstream release
--------------------------------------------------------------------------------
================================================================================
uriparser-0.9.1-1.fc28 (FEDORA-2019-776855b285)
URI parsing library - RFC 3986
--------------------------------------------------------------------------------
Update Information:
Update to uriparser-0.9.1, see
https://raw.githubusercontent.com/uriparser/uriparser/uriparser-0.9.1/Cha...
for details.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 7 2019 Sandro Mani <manisandro(a)gmail.com> - 0.9.1-1
- Update to 0.9.1
--------------------------------------------------------------------------------
================================================================================
wireshark-2.6.5-2.fc28 (FEDORA-2019-c19c0dcfa9)
Network traffic analyzer
--------------------------------------------------------------------------------
Update Information:
Enabling HTTP2 support
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 3 2019 Michal Ruprich <mruprich(a)redhat.com> - 1:2.6.5-2
- Adding libnghttp2-devel as BuildRequires - needed for HTTP2 support(rhbz#1512722)
- Adding jack-audio-connection-kit as a BuildRequire for portaudio
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1512722 - RFE: enable HTTP/2 support in Wireshark >= 2.4
https://bugzilla.redhat.com/show_bug.cgi?id=1512722
--------------------------------------------------------------------------------