The following Fedora 34 Security updates need testing: Age URL 32 https://bodhi.fedoraproject.org/updates/FEDORA-2021-ee3c072cd0 golang-1.16.4-1.fc34 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-3ffc890685 ntpsec-1.2.1-1.fc34 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-d1fc0b9d32 nettle-3.7.3-1.fc34 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-d5d263ec35 dino-0.2.1-1.fc34 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-41d4347447 xen-4.14.2-2.fc34 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-f236f9f01a isync-1.4.2-1.fc34 3 https://bodhi.fedoraproject.org/updates/FEDORA-2021-917e89c036 python-fastapi-0.65.2-1.fc34 3 https://bodhi.fedoraproject.org/updates/FEDORA-2021-54a73a7112 dogtag-pki-10.10.6-1.fc34 pki-core-10.10.6-1.fc34 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-1382b4c7f5 mosquitto-2.0.11-1.fc34 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-1e0e04958d dotnet5.0-5.0.204-1.fc34 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-b14975e43d mingw-python-urllib3-1.25.10-3.fc34 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-bc2a819bc5 kernel-5.12.10-300.fc34 kernel-tools-5.12.10-300.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-cb4f3ab817 dotnet3.1-3.1.116-1.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-181f29c392 mod_http2-1.15.19-1.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-25fe4291c9 mingw-openexr-2.5.5-3.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-834f900f53 iaito-5.2.2-3.fc34 radare2-5.3.1-1.fc34
The following Fedora 34 Critical Path updates have yet to be approved: Age URL 67 https://bodhi.fedoraproject.org/updates/FEDORA-2021-1300e131b6 ddpt-0.96-4.fc34 ledmon-0.95-4.fc34 libgpod-0.8.3-38.fc34 libzfcphbaapi-2.2.0-12.fc34 lsvpd-1.7.11-6.fc34 sg3_utils-1.46-1.fc34 udisks-1.0.5-18.fc34 12 https://bodhi.fedoraproject.org/updates/FEDORA-2021-45ea175c70 osinfo-db-20210531-1.fc34 11 https://bodhi.fedoraproject.org/updates/FEDORA-2021-3d595a3c26 lorax-34.12-1.fc34 11 https://bodhi.fedoraproject.org/updates/FEDORA-2021-c71d1efd4a mtools-4.0.29-1.fc34 11 https://bodhi.fedoraproject.org/updates/FEDORA-2021-8d2c506cee net-snmp-5.9.1-2.fc34 10 https://bodhi.fedoraproject.org/updates/FEDORA-2021-771232f4bb qt5-qtdeclarative-5.15.2-5.fc34 10 https://bodhi.fedoraproject.org/updates/FEDORA-2021-0bbe1b0ccf gdb-10.2-3.fc34 10 https://bodhi.fedoraproject.org/updates/FEDORA-2021-0ada4ea04f mariadb-connector-c-3.1.13-1.fc34 9 https://bodhi.fedoraproject.org/updates/FEDORA-2021-a937a48cdd libguestfs-1.45.6-4.fc34 9 https://bodhi.fedoraproject.org/updates/FEDORA-2021-d42c1e5851 perl-Socket-2.032-1.fc34 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-d1fc0b9d32 nettle-3.7.3-1.fc34 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-2fdd8f93d9 ModemManager-1.16.6-1.fc34 libmbim-1.24.8-1.fc34 libqmi-1.28.6-1.fc34 4 https://bodhi.fedoraproject.org/updates/FEDORA-2021-d0fbc1d426 xfce4-session-4.16.0-3.fc34 3 https://bodhi.fedoraproject.org/updates/FEDORA-2021-523ee0a81e expat-2.4.1-1.fc34 3 https://bodhi.fedoraproject.org/updates/FEDORA-2021-4b5daca395 dtc-1.6.1-1.fc34 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-bc2a819bc5 kernel-5.12.10-300.fc34 kernel-tools-5.12.10-300.fc34 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-7d0457da49 audit-3.0.2-1.fc34 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-a3ab421a63 dracut-055-2.fc34 2 https://bodhi.fedoraproject.org/updates/FEDORA-2021-e6916d6758 libxcrypt-4.4.22-2.fc34 pam-1.5.1-6.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-6ad94c9114 woff2-1.0.2-12.fc34 1 https://bodhi.fedoraproject.org/updates/FEDORA-2021-34fd70511c redhat-rpm-config-183-1.fc34
The following builds have been pushed to Fedora 34 updates-testing
aom-3.1.1-1.fc34 azote-1.9.1-4.fc34 coq-8.13.2-1.fc34 cpufetch-0.98-1.fc34 drawing-0.8.1-1.fc34 flocq-3.4.0-5.fc34 frama-c-22.0-9.fc34 fzf-0.27.2-1.fc34 gappalib-coq-1.4.6-5.fc34 gcovr-5.0-1.fc34 gnome-chemistry-utils-0.14.17-28.fc34 gnumeric-1.12.50-1.fc34 go-avif-0.1.0-8.fc34 goffice-0.10.50-1.fc34 golang-github-gdamore-tcell-2-2.3.11-1.fc34 gstreamer1-plugins-bad-free-1.19.1-2.fc34 highway-0.12.2-1.fc34 libavif-0.9.0-2.fc34 mednafen-1.27.1-1.fc34 ocaml-menhir-20210419-1.fc34 poedit-3.0-1.fc34 python-dask-2021.6.0-1.fc34~bootstrap python-fiona-1.8.20-1.fc34 python-fsspec-2021.6.0-1.fc34~bootstrap rust-aom-sys-0.2.1-5.fc34 rust-cap-primitives-0.13.10-1.fc34 rust-zcomponents-0.1.1-1.fc34 seamonkey-2.53.7-5.fc34 vmaf-2.1.1-1.fc34 why3-1.3.3-8.fc34 zenon-0.8.4-23.fc34
Details about builds:
================================================================================ aom-3.1.1-1.fc34 (FEDORA-2021-1c3f7963a5) Royalty-free next-generation video format -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2021-30473 Security fix for CVE-2021-30475 ---- Fix bug with 100% cpu utilization on network link change (or wakeup) when websockets are in use (well-known "github + polyfill addon and wakeup" issue), and backport some other improvements from upstream. -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 13 2021 Robert-Andr�� Mauchin zebob.m@gmail.com - 3.1.1-1 - Update to 3.1.1 - Close: rhbz#1954337 - Security fix for CVE-2021-30473 - Fix: rhbz#1961375 - Fix: rhbz#1961376 - Security fix for CVE-2021-30475 - Fix: rhbz#1968017 - Fix: rhbz#1968018 * Wed Mar 10 2021 Leigh Scott leigh123linux@gmail.com - 2.0.1-5 - Rebuild for new libvmaf version -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1961375 - CVE-2021-30473 libaom: aom_image.c in libaom frees memory that is not located on the heap https://bugzilla.redhat.com/show_bug.cgi?id=1961375 [ 2 ] Bug #1968017 - CVE-2021-30475 libaom: Buffer overflow in aom_dsp/noise_model.c https://bugzilla.redhat.com/show_bug.cgi?id=1968017 --------------------------------------------------------------------------------
================================================================================ azote-1.9.1-4.fc34 (FEDORA-2021-56ade68ef8) Wallpaper and color manager for Sway, i3 and some other WMs -------------------------------------------------------------------------------- Update Information:
depend on xrandr rather than xorg-x11-server-utils (required for f34+; OK for f33-) -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 13 2021 Bob Hepple bob.hepple@gmail.com - 1.9.1-4 - depend on xrandr rather than xorg-x11-server-utils (required for f34+; OK for f33-) * Fri Jun 4 2021 Python Maint python-maint@redhat.com - 1.9.1-3 - Rebuilt for Python 3.10 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1970228 - azote-1.9.1-2 broken dependency https://bugzilla.redhat.com/show_bug.cgi?id=1970228 --------------------------------------------------------------------------------
================================================================================ coq-8.13.2-1.fc34 (FEDORA-2021-8b73a471c5) Proof management system -------------------------------------------------------------------------------- Update Information:
Changes in coq 8.13.2: - Fix crash when using `vm_compute` on an irreducible `PArray.set` - Fix crash when loading `.vo` files containing a `vm_compute` normalized primitive array - Fix `Ltac2.Array.init` computational complexity Changes in ocaml-menhir 20210310: - Menhir now detects and rejects grammars that have a cycle and grammars that exhibit hidden left recursion. A grammar has a cycle when a nonterminal symbol `A` expands (in one or more steps) to itself. This implies that the grammar is ambiguous. A grammar has hidden left recursion when a nonterminal symbol `A` expands (in one step) to `B beta`, where `B` expands (in zero or more steps) to nothing and `beta` expands (in zero or more steps) to `A ...`. This implies that the grammar is not in the class `LR(k)` for any value of `k`. Both of these anomalies create a shift/reduce conflict which, if resolved in favor of reduction, leads to a nonterminating parser. - Disallow the escape sequence `\n` in a token alias. It was allowed by mistake. Disallowing it ensures that the `## Concrete syntax:` comments generated as part of `.messages` files fit on a single line. - Internal changes in the expansion of `%inline` symbols, eliminating certain useless variable renamings that would appear in semantic actions after expansion. - Internal changes in the code back-end, eliminating certain useless bindings of variables to a unit value. Changes in ocaml-menhir 20210419: - Mention the demo `coq- minicalc` in the manual. - Parsers generated with the Coq mode now have support for non-certified basic error reporting without an additional parser. This is supported thanks to an extension of the return type `parse_result` in the coq- menhirlib library and thanks to the new generated helper function `Aut.N_of_state`. See the new demo `coq-syntax-errors` and the updated manual for more details. (Contributed by Brian Ward.) All other builds are simple rebuilds due to the changes above. -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 4 2021 Jerry James loganjerry@gmail.com - 8.13.2-1 - Version 8.13.2 --------------------------------------------------------------------------------
================================================================================ cpufetch-0.98-1.fc34 (FEDORA-2021-4fc114dc95) Simple tool for determining CPU architecture -------------------------------------------------------------------------------- Update Information:
Update to v0.98 -------------------------------------------------------------------------------- ChangeLog:
* Mon Jun 14 2021 Artur Frenszek-Iwicki fedora@svgames.pl - 0.98-1 - Update to v0.98 - Use "make install" instead of copying files manually --------------------------------------------------------------------------------
================================================================================ drawing-0.8.1-1.fc34 (FEDORA-2021-fd9f74b06f) Drawing application for the GNOME desktop -------------------------------------------------------------------------------- Update Information:
Update to 0.8.1 -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 13 2021 Artem Polishchuk ego.cordatus@gmail.com - 0.8.1-1 - build(update): 0.8.1 --------------------------------------------------------------------------------
================================================================================ flocq-3.4.0-5.fc34 (FEDORA-2021-8b73a471c5) Formalization of floating point numbers for Coq -------------------------------------------------------------------------------- Update Information:
Changes in coq 8.13.2: - Fix crash when using `vm_compute` on an irreducible `PArray.set` - Fix crash when loading `.vo` files containing a `vm_compute` normalized primitive array - Fix `Ltac2.Array.init` computational complexity Changes in ocaml-menhir 20210310: - Menhir now detects and rejects grammars that have a cycle and grammars that exhibit hidden left recursion. A grammar has a cycle when a nonterminal symbol `A` expands (in one or more steps) to itself. This implies that the grammar is ambiguous. A grammar has hidden left recursion when a nonterminal symbol `A` expands (in one step) to `B beta`, where `B` expands (in zero or more steps) to nothing and `beta` expands (in zero or more steps) to `A ...`. This implies that the grammar is not in the class `LR(k)` for any value of `k`. Both of these anomalies create a shift/reduce conflict which, if resolved in favor of reduction, leads to a nonterminating parser. - Disallow the escape sequence `\n` in a token alias. It was allowed by mistake. Disallowing it ensures that the `## Concrete syntax:` comments generated as part of `.messages` files fit on a single line. - Internal changes in the expansion of `%inline` symbols, eliminating certain useless variable renamings that would appear in semantic actions after expansion. - Internal changes in the code back-end, eliminating certain useless bindings of variables to a unit value. Changes in ocaml-menhir 20210419: - Mention the demo `coq- minicalc` in the manual. - Parsers generated with the Coq mode now have support for non-certified basic error reporting without an additional parser. This is supported thanks to an extension of the return type `parse_result` in the coq- menhirlib library and thanks to the new generated helper function `Aut.N_of_state`. See the new demo `coq-syntax-errors` and the updated manual for more details. (Contributed by Brian Ward.) All other builds are simple rebuilds due to the changes above. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 8 2021 Jerry James loganjerry@gmail.com - 3.4.0-5 - Rebuild for coq 8.13.2 --------------------------------------------------------------------------------
================================================================================ frama-c-22.0-9.fc34 (FEDORA-2021-8b73a471c5) Framework for source code analysis of C software -------------------------------------------------------------------------------- Update Information:
Changes in coq 8.13.2: - Fix crash when using `vm_compute` on an irreducible `PArray.set` - Fix crash when loading `.vo` files containing a `vm_compute` normalized primitive array - Fix `Ltac2.Array.init` computational complexity Changes in ocaml-menhir 20210310: - Menhir now detects and rejects grammars that have a cycle and grammars that exhibit hidden left recursion. A grammar has a cycle when a nonterminal symbol `A` expands (in one or more steps) to itself. This implies that the grammar is ambiguous. A grammar has hidden left recursion when a nonterminal symbol `A` expands (in one step) to `B beta`, where `B` expands (in zero or more steps) to nothing and `beta` expands (in zero or more steps) to `A ...`. This implies that the grammar is not in the class `LR(k)` for any value of `k`. Both of these anomalies create a shift/reduce conflict which, if resolved in favor of reduction, leads to a nonterminating parser. - Disallow the escape sequence `\n` in a token alias. It was allowed by mistake. Disallowing it ensures that the `## Concrete syntax:` comments generated as part of `.messages` files fit on a single line. - Internal changes in the expansion of `%inline` symbols, eliminating certain useless variable renamings that would appear in semantic actions after expansion. - Internal changes in the code back-end, eliminating certain useless bindings of variables to a unit value. Changes in ocaml-menhir 20210419: - Mention the demo `coq- minicalc` in the manual. - Parsers generated with the Coq mode now have support for non-certified basic error reporting without an additional parser. This is supported thanks to an extension of the return type `parse_result` in the coq- menhirlib library and thanks to the new generated helper function `Aut.N_of_state`. See the new demo `coq-syntax-errors` and the updated manual for more details. (Contributed by Brian Ward.) All other builds are simple rebuilds due to the changes above. -------------------------------------------------------------------------------- ChangeLog:
* Sat Jun 12 2021 Jerry James loganjerry@gmail.com - 22.0-9 - Rebuild for coq 8.13.2 --------------------------------------------------------------------------------
================================================================================ fzf-0.27.2-1.fc34 (FEDORA-2021-7cf54b7d1a) A command-line fuzzy finder written in Go -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Sat Jun 12 2021 Elliott Sales de Andrade quantum.analyst@gmail.com - 0.27.2-1 - Update to latest version (#1966572) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1966572 - fzf-0.27.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1966572 --------------------------------------------------------------------------------
================================================================================ gappalib-coq-1.4.6-5.fc34 (FEDORA-2021-8b73a471c5) Coq support library for gappa -------------------------------------------------------------------------------- Update Information:
Changes in coq 8.13.2: - Fix crash when using `vm_compute` on an irreducible `PArray.set` - Fix crash when loading `.vo` files containing a `vm_compute` normalized primitive array - Fix `Ltac2.Array.init` computational complexity Changes in ocaml-menhir 20210310: - Menhir now detects and rejects grammars that have a cycle and grammars that exhibit hidden left recursion. A grammar has a cycle when a nonterminal symbol `A` expands (in one or more steps) to itself. This implies that the grammar is ambiguous. A grammar has hidden left recursion when a nonterminal symbol `A` expands (in one step) to `B beta`, where `B` expands (in zero or more steps) to nothing and `beta` expands (in zero or more steps) to `A ...`. This implies that the grammar is not in the class `LR(k)` for any value of `k`. Both of these anomalies create a shift/reduce conflict which, if resolved in favor of reduction, leads to a nonterminating parser. - Disallow the escape sequence `\n` in a token alias. It was allowed by mistake. Disallowing it ensures that the `## Concrete syntax:` comments generated as part of `.messages` files fit on a single line. - Internal changes in the expansion of `%inline` symbols, eliminating certain useless variable renamings that would appear in semantic actions after expansion. - Internal changes in the code back-end, eliminating certain useless bindings of variables to a unit value. Changes in ocaml-menhir 20210419: - Mention the demo `coq- minicalc` in the manual. - Parsers generated with the Coq mode now have support for non-certified basic error reporting without an additional parser. This is supported thanks to an extension of the return type `parse_result` in the coq- menhirlib library and thanks to the new generated helper function `Aut.N_of_state`. See the new demo `coq-syntax-errors` and the updated manual for more details. (Contributed by Brian Ward.) All other builds are simple rebuilds due to the changes above. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 8 2021 Jerry James loganjerry@gmail.com - 1.4.6-5 - Rebuild for coq 8.13.2 --------------------------------------------------------------------------------
================================================================================ gcovr-5.0-1.fc34 (FEDORA-2021-3fc31ef284) A code coverage report generator using GNU gcov -------------------------------------------------------------------------------- Update Information:
New upstream release 5.0 -------------------------------------------------------------------------------- ChangeLog:
* Fri Jun 11 2021 Dan ��erm��k dan.cermak@cgc-instruments.com - 5.0-1 - New upstream release 5.0 - Fixes rhbz#1971113 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1971113 - gcovr-5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1971113 --------------------------------------------------------------------------------
================================================================================ gnome-chemistry-utils-0.14.17-28.fc34 (FEDORA-2021-5494c9f0c8) A set of chemical utilities -------------------------------------------------------------------------------- Update Information:
Update to the latest upstream release: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.50.html -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 13 2021 Julian Sikorski belegdol@fedoraproject.org - 0.14.17-28 - Rebuild for gnumeric-1.12.50 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1951997 - gnumeric fails to build with Python 3.10: sys.version[0:3] returns Python version as 3.1 instead of 3.10 https://bugzilla.redhat.com/show_bug.cgi?id=1951997 [ 2 ] Bug #1970710 - gnumeric-1.12.50 is available https://bugzilla.redhat.com/show_bug.cgi?id=1970710 [ 3 ] Bug #1970711 - goffice-0.10.50 is available https://bugzilla.redhat.com/show_bug.cgi?id=1970711 --------------------------------------------------------------------------------
================================================================================ gnumeric-1.12.50-1.fc34 (FEDORA-2021-5494c9f0c8) Spreadsheet program for GNOME -------------------------------------------------------------------------------- Update Information:
Update to the latest upstream release: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.50.html -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 13 2021 Julian Sikorski belegdol@fedoraproject.org - 1:1.12.50-1 - Update to 1.12.50 - Drop upstreamed patch - Fix URL and Source URL - Drop gdaif plugin -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1951997 - gnumeric fails to build with Python 3.10: sys.version[0:3] returns Python version as 3.1 instead of 3.10 https://bugzilla.redhat.com/show_bug.cgi?id=1951997 [ 2 ] Bug #1970710 - gnumeric-1.12.50 is available https://bugzilla.redhat.com/show_bug.cgi?id=1970710 [ 3 ] Bug #1970711 - goffice-0.10.50 is available https://bugzilla.redhat.com/show_bug.cgi?id=1970711 --------------------------------------------------------------------------------
================================================================================ go-avif-0.1.0-8.fc34 (FEDORA-2021-1c3f7963a5) AVIF (AV1 Still Image File Format) encoder for Go -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2021-30473 Security fix for CVE-2021-30475 ---- Fix bug with 100% cpu utilization on network link change (or wakeup) when websockets are in use (well-known "github + polyfill addon and wakeup" issue), and backport some other improvements from upstream. -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 13 2021 Robert-Andr�� Mauchin zebob.m@gmail.com - 0.1.0-8 - Rebuilt for aom v3.1.1 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1961375 - CVE-2021-30473 libaom: aom_image.c in libaom frees memory that is not located on the heap https://bugzilla.redhat.com/show_bug.cgi?id=1961375 [ 2 ] Bug #1968017 - CVE-2021-30475 libaom: Buffer overflow in aom_dsp/noise_model.c https://bugzilla.redhat.com/show_bug.cgi?id=1968017 --------------------------------------------------------------------------------
================================================================================ goffice-0.10.50-1.fc34 (FEDORA-2021-5494c9f0c8) G Office support libraries -------------------------------------------------------------------------------- Update Information:
Update to the latest upstream release: * http://gnumeric.org/announcements/1.12/gnumeric-1.12.50.html -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 13 2021 Julian Sikorski belegdol@fedoraproject.org - 0.10.50-1 - Update to 0.10.50 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1951997 - gnumeric fails to build with Python 3.10: sys.version[0:3] returns Python version as 3.1 instead of 3.10 https://bugzilla.redhat.com/show_bug.cgi?id=1951997 [ 2 ] Bug #1970710 - gnumeric-1.12.50 is available https://bugzilla.redhat.com/show_bug.cgi?id=1970710 [ 3 ] Bug #1970711 - goffice-0.10.50 is available https://bugzilla.redhat.com/show_bug.cgi?id=1970711 --------------------------------------------------------------------------------
================================================================================ golang-github-gdamore-tcell-2-2.3.11-1.fc34 (FEDORA-2021-e55cbece2e) Alternate terminal package -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Sat Jun 12 2021 Elliott Sales de Andrade quantum.analyst@gmail.com - 2.3.11-1 - Update to latest version (#1966473) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1966473 - golang-github-gdamore-tcell-2.3.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1966473 --------------------------------------------------------------------------------
================================================================================ gstreamer1-plugins-bad-free-1.19.1-2.fc34 (FEDORA-2021-1c3f7963a5) GStreamer streaming media framework "bad" plugins -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2021-30473 Security fix for CVE-2021-30475 ---- Fix bug with 100% cpu utilization on network link change (or wakeup) when websockets are in use (well-known "github + polyfill addon and wakeup" issue), and backport some other improvements from upstream. -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 13 2021 Robert-Andr�� Mauchin zebob.m@gmail.com - 1.19.1-2 - Rebuilt for aom v3.1.1 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1961375 - CVE-2021-30473 libaom: aom_image.c in libaom frees memory that is not located on the heap https://bugzilla.redhat.com/show_bug.cgi?id=1961375 [ 2 ] Bug #1968017 - CVE-2021-30475 libaom: Buffer overflow in aom_dsp/noise_model.c https://bugzilla.redhat.com/show_bug.cgi?id=1968017 --------------------------------------------------------------------------------
================================================================================ highway-0.12.2-1.fc34 (FEDORA-2021-8853b1fc00) Efficient and performance-portable SIMD -------------------------------------------------------------------------------- Update Information:
Update to 0.12.2 -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 13 2021 Robert-Andr�� Mauchin zebob.m@gmail.com - 0.12.2-1 - Update to 0.12.2 --------------------------------------------------------------------------------
================================================================================ libavif-0.9.0-2.fc34 (FEDORA-2021-1c3f7963a5) Library for encoding and decoding .avif files -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2021-30473 Security fix for CVE-2021-30475 ---- Fix bug with 100% cpu utilization on network link change (or wakeup) when websockets are in use (well-known "github + polyfill addon and wakeup" issue), and backport some other improvements from upstream. -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 13 2021 Robert-Andr�� Mauchin zebob.m@gmail.com - 0.9.0-2 - Rebuilt for aom v3.1.1 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1961375 - CVE-2021-30473 libaom: aom_image.c in libaom frees memory that is not located on the heap https://bugzilla.redhat.com/show_bug.cgi?id=1961375 [ 2 ] Bug #1968017 - CVE-2021-30475 libaom: Buffer overflow in aom_dsp/noise_model.c https://bugzilla.redhat.com/show_bug.cgi?id=1968017 --------------------------------------------------------------------------------
================================================================================ mednafen-1.27.1-1.fc34 (FEDORA-2021-e2d4bdf543) A multi-system emulator utilizing OpenGL and SDL -------------------------------------------------------------------------------- Update Information:
Update to the latest upstream release: * https://forum.fobby.net/index.php?t=rview&goto=6464 -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 13 2021 Julian Sikorski belegdol@fedoraproject.org - 1.27.1-1 - Update to 1.27.1 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1971215 - mednafen-1.27.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1971215 --------------------------------------------------------------------------------
================================================================================ ocaml-menhir-20210419-1.fc34 (FEDORA-2021-8b73a471c5) LR(1) parser generator for OCaml -------------------------------------------------------------------------------- Update Information:
Changes in coq 8.13.2: - Fix crash when using `vm_compute` on an irreducible `PArray.set` - Fix crash when loading `.vo` files containing a `vm_compute` normalized primitive array - Fix `Ltac2.Array.init` computational complexity Changes in ocaml-menhir 20210310: - Menhir now detects and rejects grammars that have a cycle and grammars that exhibit hidden left recursion. A grammar has a cycle when a nonterminal symbol `A` expands (in one or more steps) to itself. This implies that the grammar is ambiguous. A grammar has hidden left recursion when a nonterminal symbol `A` expands (in one step) to `B beta`, where `B` expands (in zero or more steps) to nothing and `beta` expands (in zero or more steps) to `A ...`. This implies that the grammar is not in the class `LR(k)` for any value of `k`. Both of these anomalies create a shift/reduce conflict which, if resolved in favor of reduction, leads to a nonterminating parser. - Disallow the escape sequence `\n` in a token alias. It was allowed by mistake. Disallowing it ensures that the `## Concrete syntax:` comments generated as part of `.messages` files fit on a single line. - Internal changes in the expansion of `%inline` symbols, eliminating certain useless variable renamings that would appear in semantic actions after expansion. - Internal changes in the code back-end, eliminating certain useless bindings of variables to a unit value. Changes in ocaml-menhir 20210419: - Mention the demo `coq- minicalc` in the manual. - Parsers generated with the Coq mode now have support for non-certified basic error reporting without an additional parser. This is supported thanks to an extension of the return type `parse_result` in the coq- menhirlib library and thanks to the new generated helper function `Aut.N_of_state`. See the new demo `coq-syntax-errors` and the updated manual for more details. (Contributed by Brian Ward.) All other builds are simple rebuilds due to the changes above. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 8 2021 Jerry James loganjerry@gmail.com - 20210419-1 - Version 20210419 --------------------------------------------------------------------------------
================================================================================ poedit-3.0-1.fc34 (FEDORA-2021-979faa949d) GUI editor for GNU gettext .po files -------------------------------------------------------------------------------- Update Information:
New upstream version 3.0 -------------------------------------------------------------------------------- ChangeLog:
* Sat Jun 5 2021 Wolfgang St��ggl c72578@yahoo.de - 3.0-1 - New upstream version --------------------------------------------------------------------------------
================================================================================ python-dask-2021.6.0-1.fc34~bootstrap (FEDORA-2021-f557131a01) Parallel PyData with Task Scheduling -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 13 2021 Zbigniew J��drzejewski-Szmek zbyszek@in.waw.pl - 2021.6.0-1 - Update to latest version (#1965698) * Fri Jun 4 2021 Python Maint python-maint@redhat.com - 2021.5.0-2 - Rebuilt for Python 3.10 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1965698 - python-dask-2021.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1965698 --------------------------------------------------------------------------------
================================================================================ python-fiona-1.8.20-1.fc34 (FEDORA-2021-a958756b9d) Fiona reads and writes spatial data files -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Sat Jun 12 2021 Elliott Sales de Andrade quantum.analyst@gmail.com - 1.8.20-1 - Update to latest version (#1966356) * Fri Jun 4 2021 Python Maint python-maint@redhat.com - 1.8.19-3 - Rebuilt for Python 3.10 * Fri May 7 2021 Sandro Mani manisandro@gmail.com - 1.8.19-2 - Rebuild (gdal) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1966356 - python-fiona-1.8.20 is available https://bugzilla.redhat.com/show_bug.cgi?id=1966356 --------------------------------------------------------------------------------
================================================================================ python-fsspec-2021.6.0-1.fc34~bootstrap (FEDORA-2021-3fb98eb9dd) Specification for Pythonic file system interfaces -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Sat Jun 12 2021 Elliott Sales de Andrade quantum.analyst@gmail.com - 2021.6.0-1 - Update to latest version (#1968578) * Fri Jun 4 2021 Python Maint python-maint@redhat.com - 2021.5.0-2 - Rebuilt for Python 3.10 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1968578 - python-fsspec-2021.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1968578 --------------------------------------------------------------------------------
================================================================================ rust-aom-sys-0.2.1-5.fc34 (FEDORA-2021-1c3f7963a5) FFI bindings to aom -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2021-30473 Security fix for CVE-2021-30475 ---- Fix bug with 100% cpu utilization on network link change (or wakeup) when websockets are in use (well-known "github + polyfill addon and wakeup" issue), and backport some other improvements from upstream. -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 13 2021 Robert-Andr�� Mauchin zebob.m@gmail.com - 0.2.1-5 - Rebuilt for aom v3.1.1 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1961375 - CVE-2021-30473 libaom: aom_image.c in libaom frees memory that is not located on the heap https://bugzilla.redhat.com/show_bug.cgi?id=1961375 [ 2 ] Bug #1968017 - CVE-2021-30475 libaom: Buffer overflow in aom_dsp/noise_model.c https://bugzilla.redhat.com/show_bug.cgi?id=1968017 --------------------------------------------------------------------------------
================================================================================ rust-cap-primitives-0.13.10-1.fc34 (FEDORA-2021-e7c408ca96) Capability-oriented primitives -------------------------------------------------------------------------------- Update Information:
Initial package -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1969654 - Review Request: rust-cap-primitives - Capability-oriented primitives https://bugzilla.redhat.com/show_bug.cgi?id=1969654 --------------------------------------------------------------------------------
================================================================================ rust-zcomponents-0.1.1-1.fc34 (FEDORA-2021-bd20b8542e) Stupid component storage -------------------------------------------------------------------------------- Update Information:
Initial package -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1971198 - Review Request: rust-zcomponents - ZComponents is a component storage https://bugzilla.redhat.com/show_bug.cgi?id=1971198 --------------------------------------------------------------------------------
================================================================================ seamonkey-2.53.7-5.fc34 (FEDORA-2021-1c3f7963a5) Web browser, e-mail, news, IRC client, HTML editor -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2021-30473 Security fix for CVE-2021-30475 ---- Fix bug with 100% cpu utilization on network link change (or wakeup) when websockets are in use (well-known "github + polyfill addon and wakeup" issue), and backport some other improvements from upstream. -------------------------------------------------------------------------------- ChangeLog:
* Sun Jun 13 2021 Robert-Andr�� Mauchin zebob.m@gmail.com - 2.53.7-5 - Rebuilt for aom v3.1.1 - Add patch to build against nss 3.66 * Thu May 20 2021 Dmitry Butskoy Dmitry@Butskoy.name 2.53.7-4 - move extensions' localization data into the common langpack - fix cpu hogging on network link change when websockets are in use (mozbz#1633339) - better support of the obsoleting javascript versioning stuff (mozbz#1702903) - fix number formats (mozbz#1403319) - fix build with rust >= 1.52 (mozbz#1670538) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1961375 - CVE-2021-30473 libaom: aom_image.c in libaom frees memory that is not located on the heap https://bugzilla.redhat.com/show_bug.cgi?id=1961375 [ 2 ] Bug #1968017 - CVE-2021-30475 libaom: Buffer overflow in aom_dsp/noise_model.c https://bugzilla.redhat.com/show_bug.cgi?id=1968017 --------------------------------------------------------------------------------
================================================================================ vmaf-2.1.1-1.fc34 (FEDORA-2021-1c3f7963a5) Video Multi-Method Assessment Fusion -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2021-30473 Security fix for CVE-2021-30475 ---- Fix bug with 100% cpu utilization on network link change (or wakeup) when websockets are in use (well-known "github + polyfill addon and wakeup" issue), and backport some other improvements from upstream. -------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 10 2021 Leigh Scott leigh123linux@gmail.com - 2.1.1-1 - Update to 2.1.1 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1961375 - CVE-2021-30473 libaom: aom_image.c in libaom frees memory that is not located on the heap https://bugzilla.redhat.com/show_bug.cgi?id=1961375 [ 2 ] Bug #1968017 - CVE-2021-30475 libaom: Buffer overflow in aom_dsp/noise_model.c https://bugzilla.redhat.com/show_bug.cgi?id=1968017 --------------------------------------------------------------------------------
================================================================================ why3-1.3.3-8.fc34 (FEDORA-2021-8b73a471c5) Software verification platform -------------------------------------------------------------------------------- Update Information:
Changes in coq 8.13.2: - Fix crash when using `vm_compute` on an irreducible `PArray.set` - Fix crash when loading `.vo` files containing a `vm_compute` normalized primitive array - Fix `Ltac2.Array.init` computational complexity Changes in ocaml-menhir 20210310: - Menhir now detects and rejects grammars that have a cycle and grammars that exhibit hidden left recursion. A grammar has a cycle when a nonterminal symbol `A` expands (in one or more steps) to itself. This implies that the grammar is ambiguous. A grammar has hidden left recursion when a nonterminal symbol `A` expands (in one step) to `B beta`, where `B` expands (in zero or more steps) to nothing and `beta` expands (in zero or more steps) to `A ...`. This implies that the grammar is not in the class `LR(k)` for any value of `k`. Both of these anomalies create a shift/reduce conflict which, if resolved in favor of reduction, leads to a nonterminating parser. - Disallow the escape sequence `\n` in a token alias. It was allowed by mistake. Disallowing it ensures that the `## Concrete syntax:` comments generated as part of `.messages` files fit on a single line. - Internal changes in the expansion of `%inline` symbols, eliminating certain useless variable renamings that would appear in semantic actions after expansion. - Internal changes in the code back-end, eliminating certain useless bindings of variables to a unit value. Changes in ocaml-menhir 20210419: - Mention the demo `coq- minicalc` in the manual. - Parsers generated with the Coq mode now have support for non-certified basic error reporting without an additional parser. This is supported thanks to an extension of the return type `parse_result` in the coq- menhirlib library and thanks to the new generated helper function `Aut.N_of_state`. See the new demo `coq-syntax-errors` and the updated manual for more details. (Contributed by Brian Ward.) All other builds are simple rebuilds due to the changes above. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 8 2021 Jerry James loganjerry@gmail.com - 1.3.3-8 - Rebuild for ocaml-menhir 20210419 --------------------------------------------------------------------------------
================================================================================ zenon-0.8.4-23.fc34 (FEDORA-2021-8b73a471c5) Automated theorem prover for first-order classical logic -------------------------------------------------------------------------------- Update Information:
Changes in coq 8.13.2: - Fix crash when using `vm_compute` on an irreducible `PArray.set` - Fix crash when loading `.vo` files containing a `vm_compute` normalized primitive array - Fix `Ltac2.Array.init` computational complexity Changes in ocaml-menhir 20210310: - Menhir now detects and rejects grammars that have a cycle and grammars that exhibit hidden left recursion. A grammar has a cycle when a nonterminal symbol `A` expands (in one or more steps) to itself. This implies that the grammar is ambiguous. A grammar has hidden left recursion when a nonterminal symbol `A` expands (in one step) to `B beta`, where `B` expands (in zero or more steps) to nothing and `beta` expands (in zero or more steps) to `A ...`. This implies that the grammar is not in the class `LR(k)` for any value of `k`. Both of these anomalies create a shift/reduce conflict which, if resolved in favor of reduction, leads to a nonterminating parser. - Disallow the escape sequence `\n` in a token alias. It was allowed by mistake. Disallowing it ensures that the `## Concrete syntax:` comments generated as part of `.messages` files fit on a single line. - Internal changes in the expansion of `%inline` symbols, eliminating certain useless variable renamings that would appear in semantic actions after expansion. - Internal changes in the code back-end, eliminating certain useless bindings of variables to a unit value. Changes in ocaml-menhir 20210419: - Mention the demo `coq- minicalc` in the manual. - Parsers generated with the Coq mode now have support for non-certified basic error reporting without an additional parser. This is supported thanks to an extension of the return type `parse_result` in the coq- menhirlib library and thanks to the new generated helper function `Aut.N_of_state`. See the new demo `coq-syntax-errors` and the updated manual for more details. (Contributed by Brian Ward.) All other builds are simple rebuilds due to the changes above. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 8 2021 Jerry James loganjerry@gmail.com - 0.8.4-23 - Rebuild for coq 8.13.2 --------------------------------------------------------------------------------