The following Fedora 35 Security updates need testing:
Age URL
86
https://bodhi.fedoraproject.org/updates/FEDORA-2022-2e85e6cfc9
libdxfrw-1.0.1-3.fc35 librecad-2.2.0-0.13.rc3.fc35
78
https://bodhi.fedoraproject.org/updates/FEDORA-2022-dfc6924a11
mysql-connector-java-8.0.28-1.fc35
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3759ebabd2 git-2.35.3-1.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-bc606b86f4
CuraEngine-4.13.1-2.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-0f14e2308e
chromium-100.0.4896.127-1.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-a3e03a200b
freerdp-2.7.0-1.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-4e6bd7ca62
recutils-1.9-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-1b9f9b2993
suricata-6.0.5-1.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-8cf0124add
ruby-3.0.4-153.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-0985b0cb9f
mingw-freetype-2.11.0-2.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-44373f6778 redis-6.2.7-1.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-411f088574 curl-7.79.1-2.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-03350936ee
galera-26.4.11-1.fc35 mariadb-10.5.15-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-5a2e1ad72b
java-1.8.0-openjdk-1.8.0.332.b09-1.fc35 java-11-openjdk-11.0.15.0.10-1.fc35
java-17-openjdk-17.0.3.0.7-1.fc35 java-latest-openjdk-18.0.1.0.10-1.rolling.fc35
The following Fedora 35 Critical Path updates have yet to be approved:
Age URL
40
https://bodhi.fedoraproject.org/updates/FEDORA-2022-925ac7bfff
gnome-shell-41.5-1.fc35 mutter-41.5-1.fc35
18
https://bodhi.fedoraproject.org/updates/FEDORA-2022-59b61235bf
binutils-2.37-17.fc35
10
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3759ebabd2 git-2.35.3-1.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-fff31008f6
langtable-0.0.58-1.fc35
8
https://bodhi.fedoraproject.org/updates/FEDORA-2022-fd04a43eb1 rtkit-0.11-30.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-15778e49e1
libhandy-1.4.1-1.fc35
6
https://bodhi.fedoraproject.org/updates/FEDORA-2022-13c66e33b1 inih-55-1.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-bdfcd4f5d3
libtpms-0.9.4-0.20220425gite4d68670e1.fc35.0
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-0c44eb0df4
python-rpmautospec-0.2.6-1.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-a3e03a200b
freerdp-2.7.0-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e4a46d0bd0
livecd-tools-30.0-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e3046139e5
gnutls-3.7.4-1.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2022-411f088574 curl-7.79.1-2.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-916eaaeb7b
kernel-5.17.5-200.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-0ab93ad2ab
python-requests-2.27.1-2.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-2c74c0c111
vim-8.2.4845-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-01079468a3
systemd-249.12-3.fc35
The following builds have been pushed to Fedora 35 updates-testing
cifs-utils-6.15-1.fc35
fbrnch-1.1-2.fc35
fcft-3.1.1-1.fc35
gn-1938-10.20210927git0153d369.fc35
gnome-shell-extension-netspeed-3.32-0.4.20220421git5a96082.fc35
golang-github-evanw-esbuild-0.14.38-1.fc35
lxqt-globalkeys-0.17.0-2.fc35
mold-1.2.1-1.fc35
onedrive-2.4.17-1.fc35
python-dns-lexicon-3.10.0-1.fc35
python-xds-protos-0.0.11-10.fc35
theme-switcher-2.0.4-10.fc35
variety-0.8.7-1.fc35
vdr-skinnopacity-1.1.10-1.fc35
w3m-0.5.3-55.git20220429.fc35
Details about builds:
================================================================================
cifs-utils-6.15-1.fc35 (FEDORA-2022-7fda04ab5a)
Utilities for mounting and managing CIFS mounts
--------------------------------------------------------------------------------
Update Information:
This is a security release to address the following bugs: - CVE-2022-27239:
mount.cifs: fix length check for ip option parsing - CVE-2022-29869: mount.cifs:
fix verbose messages on option parsing Description CVE-2022-27239: In cifs-
utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs
ip= command-line argument could lead to local attackers gaining root privileges.
CVE-2022-29869: cifs-utils through 6.14, with verbose logging, can cause an
information leak when a file contains = (equal sign) characters but is not a
valid credentials file. Both issues were originally reported and fixed by
Jeffrey Bencteux.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 30 2022 Alexander Bokovoy <abokovoy(a)redhat.com> - 6.15-1
- Upstream release 6.15
- CVE-2022-27239: mount.cifs: fix length check for ip option parsing
- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing
- Fixes: rhbz#2080525
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2080525 - cifs-utils-6.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2080525
--------------------------------------------------------------------------------
================================================================================
fbrnch-1.1-2.fc35 (FEDORA-2022-ee4531591e)
Fedora packager tool to build package branches
--------------------------------------------------------------------------------
Update Information:
https://hackage.haskell.org/package/fbrnch-1.1/changelog
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 30 2022 Jens Petersen <petersen(a)redhat.com> - 1.1-2
-
https://hackage.haskell.org/package/fbrnch-1.1/changelog
--------------------------------------------------------------------------------
================================================================================
fcft-3.1.1-1.fc35 (FEDORA-2022-831463eb16)
Simple library for font loading and glyph rasterization
--------------------------------------------------------------------------------
Update Information:
Update to 3.1.1 (#2080746)
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 1 2022 Aleksei Bavshin <alebastr(a)fedoraproject.org> - 3.1.1-1
- Update to 3.1.1 (#2080746)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2080746 - fcft-3.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2080746
--------------------------------------------------------------------------------
================================================================================
gn-1938-10.20210927git0153d369.fc35 (FEDORA-2022-ad676341b3)
Meta-build system that generates build files for Ninja
--------------------------------------------------------------------------------
Update Information:
Improve handling of bundled ICU components
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 1 2022 Benjamin A. Beasley <code(a)musicinmybrain.net>
1938-10.20210927git0153d369
- Improve handling of bundled ICU components
* Sun May 1 2022 Benjamin A. Beasley <code(a)musicinmybrain.net>
1938-9.20210927git0153d369
- Stop numbering patches
* Sun May 1 2022 Benjamin A. Beasley <code(a)musicinmybrain.net>
1938-8.20210927git0153d369
- BR emacs-common for RPM macros
* Sun May 1 2022 Benjamin A. Beasley <code(a)musicinmybrain.net>
1938-7.20210927git0153d369
- Drop even the emacs-nox BR
* Sun May 1 2022 Benjamin A. Beasley <code(a)musicinmybrain.net>
1938-6.20210927git0153d369
- BR emacs-nox instead of full emacs
* Sun May 1 2022 Benjamin A. Beasley <code(a)musicinmybrain.net>
1938-5.20210927git0153d369
- Drop BR on python3, redundant with python3-devel
* Sun May 1 2022 Benjamin A. Beasley <code(a)musicinmybrain.net>
1938-4.20210927git0153d369
- Use %python3 macro instead of %__python3
--------------------------------------------------------------------------------
================================================================================
gnome-shell-extension-netspeed-3.32-0.4.20220421git5a96082.fc35 (FEDORA-2022-b5b39ef74f)
A gnome-shell extension to show speed of the internet
--------------------------------------------------------------------------------
Update Information:
Update to 3.32-0.4.20220421git5a96082
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 1 2022 Martin Gansser <martinkg(a)fedoraproject.org> -
3.32-0.4.20220421git5a96082
- Update to 3.32-0.4.20220421git5a96082
* Fri Mar 25 2022 Martin Gansser <martinkg(a)fedoraproject.org> -
3.32-0.3.20211102git8638073
- Add gnome 42 Support
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> -
3.32-0.2.20211102git8638073
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
golang-github-evanw-esbuild-0.14.38-1.fc35 (FEDORA-2022-583c789a0d)
Fast JavaScript bundler and minifier
--------------------------------------------------------------------------------
Update Information:
Update to 0.14.38
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 26 2022 Onuralp SEZER <thunderbirdtr(a)fedoraproject.org> - 0.14.38-1
- Update to 0.14.38
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.32-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
lxqt-globalkeys-0.17.0-2.fc35 (FEDORA-2022-4bb60a6cbb)
Global keys utility for LXQt desktop suite
--------------------------------------------------------------------------------
Update Information:
Backported a fix so the daemon can start reliably.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 19 2022 Bj��rn Persson <Bjorn@Rombobj��rn.se> - 0.17.0-2
- Backported a fix so the daemon can start reliably.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2036058 - lxqt-globalkeys not running
https://bugzilla.redhat.com/show_bug.cgi?id=2036058
--------------------------------------------------------------------------------
================================================================================
mold-1.2.1-1.fc35 (FEDORA-2022-d2ca9d6a93)
A Modern Linker
--------------------------------------------------------------------------------
Update Information:
Bump version to 1.2.1
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 30 2022 Christoph Erhardt <fedora(a)sicherha.de> - 1.2.1-1
- Bump version to 1.2.1
- Drop upstreamed patch
- Add support for 32-bit x86 and Arm
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2080023 - mold-1.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2080023
--------------------------------------------------------------------------------
================================================================================
onedrive-2.4.17-1.fc35 (FEDORA-2022-344fc319cd)
OneDrive Free Client written in D
--------------------------------------------------------------------------------
Update Information:
Update to 2.4.17 (#2080550)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 30 2022 Fedora Release Monitoring <release-monitoring(a)fedoraproject.org> -
2.4.17-1
- Update to 2.4.17 (#2080550)
--------------------------------------------------------------------------------
================================================================================
python-dns-lexicon-3.10.0-1.fc35 (FEDORA-2022-b704cc7e03)
Manipulate DNS records on various DNS providers in a standardized/agnostic way
--------------------------------------------------------------------------------
Update Information:
Update to 3.10.0 ---- Add gransy and ddns extra packages
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 1 2022 Christian Schuermann <spike(a)fedoraproject.org> 3.10.0-1
- Update to 3.10.0
* Thu Apr 28 2022 Christian Schuermann <spike(a)fedoraproject.org> 3.9.5-3
- Add "tests" conditional to make tests optional on EPEL
- Ensure that BuildRequires resolve correctly and only relevant tests run when building
without extras
* Tue Apr 26 2022 Christian Schuermann <spike(a)fedoraproject.org> 3.9.5-2
- Reenable tests for GoDady, Transip, Namecheap and NamecheapManaged providers
- Add gransy and ddns extra packages
- Remove explicit BuildRequires (handled by the pyproject_buildrequires macro)
- Remove explicit extra package Requires (handled by automatic dependency generator)
- Remove unused rhel7 macro
* Tue Apr 19 2022 Christian Schuermann <spike(a)fedoraproject.org> 3.9.5-1
- update to 3.9.5
--------------------------------------------------------------------------------
================================================================================
python-xds-protos-0.0.11-10.fc35 (FEDORA-2022-918663d2a3)
ProtoBuf generated Python files for xDS protos
--------------------------------------------------------------------------------
Update Information:
Rebuild for python-googleapis-common-protos 1.56.0
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 1 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 0.0.11-10
- Fix release number
* Sun May 1 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 0.0.11-1
- Drop ���forge��� macros since they do not simplify matters here
* Sun May 1 2022 Benjamin A. Beasley <code(a)musicinmybrain.net>
0.0.11^20210907gitv1.40.0-2
- Rebuild for googleapis-common-protos 1.56
* Sun May 1 2022 Benjamin A. Beasley <code(a)musicinmybrain.net>
0.0.11^20210907gitv1.40.0-1
- Modernize snapshot versioning
* Sun May 1 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 0.0.11-5
- Use %python3 macro instead of %__python3
* Sun May 1 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 0.0.11-4
- Update a comment about bootstrapping in the spec file
* Sun May 1 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 0.0.11-3
- Reduce macro indirection in the spec file
--------------------------------------------------------------------------------
================================================================================
theme-switcher-2.0.4-10.fc35 (FEDORA-2022-5549473422)
Switch dark/light GTK theme automatically during day/night
--------------------------------------------------------------------------------
Update Information:
build: Add dep gnome-terminal | GH#13
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 1 2022 Artem Polishchuk <ego.cordatus(a)gmail.com> - 2.0.4-10
- build: Add dep gnome-terminal | GH#13
* Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.0.4-9
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
variety-0.8.7-1.fc35 (FEDORA-2022-79b39c4c25)
Wallpaper changer that automatically downloads wallpapers
--------------------------------------------------------------------------------
Update Information:
Update to 0.8.7-1 ---- Update to 0.8.6-1
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 1 2022 Martin Gansser <martinkg(a)fedoraproject.org> - 0.8.7-1
- Update to 0.8.7
* Tue Apr 26 2022 Martin Gansser <martinkg(a)fedoraproject.org> - 0.8.6-1
- Update to 0.8.6
* Sat Mar 26 2022 Martin Gansser <martinkg(a)fedoraproject.org> - 0.8.5-8
- Add Add_Dark_Wallpaper_Support_for_Gnome42.patch
* Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.8.5-7
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
vdr-skinnopacity-1.1.10-1.fc35 (FEDORA-2022-6c63561239)
A highly customizable native true color skin for the Video Disc Recorder
--------------------------------------------------------------------------------
Update Information:
Update to 1.1.10-1
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 1 2022 Martin Gansser <martinkg(a)fedoraproject.org> - 1.1.10-1
- Update to 1.1.10
* Sat Feb 5 2022 Martin Gansser <martinkg(a)fedoraproject.org> - 1.1.9-4
- Rebuilt for new VDR API version
* Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.1.9-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Dec 30 2021 Martin Gansser <martinkg(a)fedoraproject.org> - 1.1.9-2
- Rebuilt for new VDR API version
--------------------------------------------------------------------------------
================================================================================
w3m-0.5.3-55.git20220429.fc35 (FEDORA-2022-89f3169c2f)
Pager with Web browsing abilities
--------------------------------------------------------------------------------
Update Information:
# w3m 0.5.3+git20220429 ## New features - Support kitty's APC G graphics
protocol with ImageMagick's `convert` - Support iTerm2's OSC 1337 graphics
protocol - New option inline_img_protocol to select the graphics protocol (0:
w3m-img, 1: OSC 5379, 2: sixel, 3: OSC 1337, 4: APC G) - New option
`ssl_cipher` to specify TLSv1.2 ciphers, e.g. `DEFAULT:@SECLEVEL=2` - New
option `ssl_min_version` for OpenSSL 1.1 - New option `-insecure` to use
insecure SSL config options - New option `ssl_ca_default`, explicitly use
OpenSSL default paths by default - New option `cross_origin_referer`, use
origin only Referer when cross origin - New option `localhost_only `to
restrict connections only to localhost - New option `disable_center` to
disable center alignment - Support brotli content encoding - Ignore the `-`
option to accept `w3m -` as "read from stdin" - New `configure` option
`--with-cafile` to detect CA bundle file - Support auto-detection for
`configure --with-migemo` - Add fuzzer for OSS-Fuzz - Add Italian
translation - Add Swedish translation ## Bug fixes - Prevent index overflow
and huge allocation due to Str, libwc, and table - Prevent integer overflow
due to fontstat - Prevent StrStream memory leak - Prevent GC warnings of
repeated allocation - Prevent buffer overflow in shiftAnchorPosition -
Prevent buffer overflow READ when parsing Gopher URLs - Prevent buffer
overflow in gotoLine and gotoRealLine - Prevent warnings when `-Wnull-
dereference`, enabled by default - Prevent warnings when `-Wall`, enabled by
default - Prevent warnings from `cppcheck` - Avoid zero length arrays even
when GCC - Fix fail to render over 32767 lines in a table cell - Disable
`<section>` behaves as `<hr>` - Disable TLSv1.0 and TLSv1.1 by default -
Mention a workaround for SSL error - Fix manipulation of `ASN1_STRING` -
Don't include username in Referer - Don't set Referer when data URI scheme -
Fix broken anchor with link number at EOL - Fix incorrect query string for
`w3mman 7z` - Drop `imlib2-config`, use `pkg-config` - Improve named
character references - Improve `<dl>` rendering - Prefer Imlib2 over GTK2 by
default - Replace encodeB with `base64_encode` to encode null bytes -
Wording fixes for `configure --help`
--------------------------------------------------------------------------------
ChangeLog:
* Sun May 1 2022 Robert Scheck <robert(a)fedoraproject.org> - 0.5.3-55.git20220429
- Rebase to latest upstream gitrev 20220429 (#2080136)
* Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> -
0.5.3-54.git20210102
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Sep 14 2021 Sahana Prasad <sahana(a)redhat.com> - 0.5.3-53.git20210102
- Rebuilt with OpenSSL 3.0.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2080136 - w3m-0.5.3+git20220429 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2080136
--------------------------------------------------------------------------------