The following Fedora 35 Security updates need testing:
Age URL
134
https://bodhi.fedoraproject.org/updates/FEDORA-2022-2e85e6cfc9
libdxfrw-1.0.1-3.fc35 librecad-2.2.0-0.13.rc3.fc35
127
https://bodhi.fedoraproject.org/updates/FEDORA-2022-dfc6924a11
mysql-connector-java-8.0.28-1.fc35
12
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e9fe21d102
libtiff-4.4.0-1.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-9b4f9af4ce grub2-2.06-11.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-8fa7e5aeaf
ntfs-3g-2022.5.17-1.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-1176b501f0
ntfs-3g-system-compression-1.0-9.fc35
8
https://bodhi.fedoraproject.org/updates/FEDORA-2022-5ea8aa7518
python3-docs-3.10.5-1.fc35 python3.10-3.10.5-2.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-c1e107f37f
python-bottle-0.12.21-2.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-c9c02865f6
openssl-1.1.1o-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-589a0ad690
golang-github-emicklei-restful-3.8.0-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ec74ac4079
python2.7-2.7.18-22.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-48ab445ac5
dotnet6.0-6.0.106-1.fc35
The following Fedora 35 Critical Path updates have yet to be approved:
Age URL
29
https://bodhi.fedoraproject.org/updates/FEDORA-2022-eb6c837b39
annobin-10.73-1.fc35
13
https://bodhi.fedoraproject.org/updates/FEDORA-2022-065250af77
unbound-1.16.0-3.fc35
12
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e9fe21d102
libtiff-4.4.0-1.fc35
12
https://bodhi.fedoraproject.org/updates/FEDORA-2022-0d96737a57
mtools-4.0.40-1.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-26c901e403
appstream-data-35-6.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-9b4f9af4ce grub2-2.06-11.fc35
11
https://bodhi.fedoraproject.org/updates/FEDORA-2022-9e53cb5027
selinux-policy-35.18-1.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-3d0d42ab06 xen-4.15.2-4.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-e553e62c0d mesa-21.3.9-1.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-1176b501f0
ntfs-3g-system-compression-1.0-9.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2022-8fa7e5aeaf
ntfs-3g-2022.5.17-1.fc35
8
https://bodhi.fedoraproject.org/updates/FEDORA-2022-57015a1d06
binutils-2.37-20.fc35
8
https://bodhi.fedoraproject.org/updates/FEDORA-2022-5ea8aa7518
python3-docs-3.10.5-1.fc35 python3.10-3.10.5-2.fc35
7
https://bodhi.fedoraproject.org/updates/FEDORA-2022-5c359bdad4
mariadb-connector-c-3.2.7-1.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2022-c9c02865f6
openssl-1.1.1o-1.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-ee69e90000
linux-firmware-20220610-135.fc35
4
https://bodhi.fedoraproject.org/updates/FEDORA-2022-75a51ebb0d nettle-3.8-1.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-f5d6495a17
libxslt-1.1.35-2.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-0346da878d krb5-1.19.2-8.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-779270660d
livecd-tools-31.0-1.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-01aff217a3 pungi-4.3.5-1.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-f576993f5c
rygel-0.40.4-1.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-38f97e1c35
pipewire-0.3.52-3.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-6d2c62d6d6
systemd-249.12-5.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-73122722e6
dnsmasq-2.86-6.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-d4990ace9c
alsa-lib-1.2.7.1-1.fc35 alsa-plugins-1.2.7.1-1.fc35 alsa-utils-1.2.7-1.fc35
python-alsa-1.2.7-1.fc35
The following builds have been pushed to Fedora 35 updates-testing
bettercap-2.32.0-3.fc35
bubblemail-1.8-1.fc35
dkms-3.0.4-1.fc35
dl-fedora-0.9.3-1.fc35
dmlite-1.15.2-7.fc35
fish-3.5.0-1.fc35
gearhead1-1.310-8.fc35
ghc-http-directory-0.1.10-1.fc35
golang-github-google-cel-0.11.4-2.fc35
mold-1.3.0-1.fc35
python-rnc2rng-2.6.6-1.fc35
python-scikit-uplift-0.4.1-1.fc35
thc-ipv6-3.8-1.fc35
unrealircd-6.0.4-1.fc35
Details about builds:
================================================================================
bettercap-2.32.0-3.fc35 (FEDORA-2022-5cc1f77d18)
Tool for 802.11, BLE and Ethernet reconnaissance and MITM attacks
--------------------------------------------------------------------------------
Update Information:
Disable package_note on arm too
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 18 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> 2.32.0-3
- Disable package_note on arm too
* Sat Jun 18 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> 2.32.0-2
- Add workaround for package_note error
* Sat Jun 18 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> 2.32.0-1
- Update to 2.32.0 Close: rhbz#1918319
* Fri Jun 17 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> - 2.28-10
- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191,
CVE-2022-29526, CVE-2022-30629
--------------------------------------------------------------------------------
================================================================================
bubblemail-1.8-1.fc35 (FEDORA-2022-9d2b6797d9)
Extensible mail notification service
--------------------------------------------------------------------------------
Update Information:
Update to v1.8. This version introduces the option to connect to a mail server
through a proxy.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 18 2022 Alexander Ploumistos <alexpl(a)fedoraproject.org> - 1.8-1
- Update to 1.8
- Add python3-pysocks dependency for connecting through a proxy
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2098319 - bubblemail-1.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2098319
--------------------------------------------------------------------------------
================================================================================
dkms-3.0.4-1.fc35 (FEDORA-2022-2e84984a9d)
Dynamic Kernel Module Support Framework
--------------------------------------------------------------------------------
Update Information:
Various bugfixes.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 18 2022 Simone Caronni <negativo17(a)gmail.com> - 3.0.4-1
- Update to 3.0.4.
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.0.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
dl-fedora-0.9.3-1.fc35 (FEDORA-2022-599cd81576)
Fedora image download tool
--------------------------------------------------------------------------------
Update Information:
ghc-http-directory-0.1.10-1.fc35 -
https://hackage.haskell.org/package/http-
directory-0.1.10/changelog dl-fedora-0.9.3-1.fc35 - show timestamp of images
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 11 2022 Jens Petersen <petersen(a)redhat.com> - 0.9.3-1
- show timestamp of images
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.9.2-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Sat Jan 8 2022 Miro Hron��ok <mhroncok(a)redhat.com> - 0.9.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Changes/LIBFFI34
--------------------------------------------------------------------------------
================================================================================
dmlite-1.15.2-7.fc35 (FEDORA-2022-4a46ca7375)
Lcgdm grid data management and storage framework
--------------------------------------------------------------------------------
Update Information:
- Added new dependency on xrootd-voms - Fixed BDII ldif generation by new python
ldap3 module - Fixed main dCache config template
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 18 2022 Petr Vokac <petr.vokac(a)cern.ch> - 1.15.2-7
- Added new dependency on xrootd-voms
- Fixed BDII ldif generation by new python ldap3 module
- Fixed main dCache config template
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 1.15.2-6
- Rebuilt for Python 3.11
--------------------------------------------------------------------------------
================================================================================
fish-3.5.0-1.fc35 (FEDORA-2022-ad28c5db2d)
Friendly interactive shell
--------------------------------------------------------------------------------
Update Information:
Update to 3.5.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 17 2022 Siteshwar Vashisht <svashisht(a)redhat.com> 3.5.0-1
- Update to 3.5.0
--------------------------------------------------------------------------------
================================================================================
gearhead1-1.310-8.fc35 (FEDORA-2022-fa6a624d40)
Roguelike mecha role-playing game
--------------------------------------------------------------------------------
Update Information:
Fix installing doc files, get rid of wrapper scripts
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 18 2022 Artur Frenszek-Iwicki <fedora(a)svgames.pl> - 1.310-8
- Add a patch to change program data paths, instead of using a wrapper script
- Fix installing documentation (it is used by program at run-time)
--------------------------------------------------------------------------------
================================================================================
ghc-http-directory-0.1.10-1.fc35 (FEDORA-2022-599cd81576)
Http directory listing library
--------------------------------------------------------------------------------
Update Information:
ghc-http-directory-0.1.10-1.fc35 -
https://hackage.haskell.org/package/http-
directory-0.1.10/changelog dl-fedora-0.9.3-1.fc35 - show timestamp of images
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 11 2022 Jens Petersen <petersen(a)redhat.com> - 0.1.10-1
-
https://hackage.haskell.org/package/http-directory-0.1.10/changelog
--------------------------------------------------------------------------------
================================================================================
golang-github-google-cel-0.11.4-2.fc35 (FEDORA-2022-58b7d978d7)
Fast, portable, non-Turing complete expression evaluation
--------------------------------------------------------------------------------
Update Information:
Disable common/types/int_test.go for ARM too
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 18 2022 Robert-Andr�� Mauchin <zebob.m(a)gmail.com> 0.11.4-2
- Disable common/types/int_test.go for ARM too
* Fri Jun 10 2022 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> 0.11.4-1
- Update to 0.11.4 - Closes rhbz#1963633 rhbz#2045513
* Fri Jun 10 2022 Jerry James <loganjerry(a)gmail.com> - 0.7.0-4
- Generate the ANTLR parser from source
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.7.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
mold-1.3.0-1.fc35 (FEDORA-2022-cc7bb72480)
A Modern Linker
--------------------------------------------------------------------------------
Update Information:
Bump version to 1.3.0 (#2098316)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 18 2022 Christoph Erhardt <fedora(a)sicherha.de> - 1.3.0-1
- Bump version to 1.3.0 (#2098316)
- Drop upstreamed patches
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2098316 - mold-1.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2098316
--------------------------------------------------------------------------------
================================================================================
python-rnc2rng-2.6.6-1.fc35 (FEDORA-2022-0f076950d8)
RELAX NG Compact to regular syntax conversion library
--------------------------------------------------------------------------------
Update Information:
Update to 2.6.6
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 18 2022 Iztok Fister Jr. <iztokf AT fedoraproject DOT org> - 2.6.6-1
- Update to 2.6.6
- Remove obsolete macro
* Mon Jun 13 2022 Python Maint <python-maint(a)redhat.com> - 2.6.1-13
- Rebuilt for Python 3.11
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 2.6.1-12
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1821557 - python-rnc2rng-2.6.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1821557
[ 2 ] Bug #2019081 - python-rnc2rng: FTBFS in Fedora Rawhide, 2to3 removed in setuptools
58+
https://bugzilla.redhat.com/show_bug.cgi?id=2019081
--------------------------------------------------------------------------------
================================================================================
python-scikit-uplift-0.4.1-1.fc35 (FEDORA-2022-3d3ed49b6e)
Uplift modeling in scikit-learn style in python
--------------------------------------------------------------------------------
Update Information:
Update to 0.4.1
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 18 2022 Iztok Fister Jr. <iztokf AT fedoraproject DOT org> - 0.4.1-1
- Update to 0.4.1
* Fri Jan 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.4.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Nov 10 2021 Iztok Fister Jr. <iztokf AT fedoraproject DOT org> - 0.4.0-1
- New version of package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2098201 - python-scikit-uplift-0.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2098201
--------------------------------------------------------------------------------
================================================================================
thc-ipv6-3.8-1.fc35 (FEDORA-2022-100a0e781c)
Toolkit for attacking the IPv6 protocol suite
--------------------------------------------------------------------------------
Update Information:
# THC IPv6 attack toolkit v3.8 * Fixed crash in `thcping6` with `-n 0` or
larger values * Fixed minor issues * Honors now `CC` and `CLAGS` environment
variables and compiles with `clang` * Fixed various issues * New code
indention # THC IPv6 attack toolkit v3.6 * Long interface names are now
supported * Added error check for openssl `BN_` functions * Added support
for global destinations for `dump_dhcp6` * Added new tool: `connect6`, useful
for tcp6 connect pings * Added `-i` microseconds interval option for `smurf6`
and `thcsyn6` * Added `-w` timeout option to `thcping6`
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 18 2022 Robert Scheck <robert(a)fedoraproject.org> - 3.8-1
- Upgrade to 3.8 (#1902857)
- Spec file modernization including support for RHEL/CentOS 7
- Remove perl(Socket6) dependency (thanks to Michal Josef ��pa��ek)
* Sat Jan 22 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 3.4-11
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Sep 14 2021 Sahana Prasad <sahana(a)redhat.com> - 3.4-10
- Rebuilt with OpenSSL 3.0.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1902857 - thc-ipv6-3.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1902857
--------------------------------------------------------------------------------
================================================================================
unrealircd-6.0.4-1.fc35 (FEDORA-2022-4a531dff43)
Open Source IRC server
--------------------------------------------------------------------------------
Update Information:
# UnrealIRCd 6.0.4 This release comes with lots of features and enhancements. In
particular, security groups and mask items now allow you to write cleaner and
more flexible configuration files. There are also JSON logging enhancements and
several bug fixes. ## Enhancements * Show security groups in `WHOIS` * The
[
security-group](https://www.unrealircd.org/docs/Security-group_block) block has
been expanded and the same functionality is now available in [mask
items](https://www.unrealircd.org/docs/Mask_item) too: * This means the
existing options like `identified`, `webirc`, `tls` and `reputation-score` can
be used in `allow::mask` etc. * New options (in both security-group and
mask) are: * `connect-time`: time a user is connected to IRC *
`security-group`: to check another security group * `account`: services
account name * `country`: country code, as found by GeoIP *
`realname`: realname (gecos) of the user * `certfp`: certificate
fingerprint * Every option also has an exclude- variant, e.g. `exclude-
country`. If a user matches any `exclude-` option then it is considered not a
match. * The modules
[
connthrottle](https://www.unrealircd.org/docs/Connthrottle), [restrict-
commands](https://www.unrealircd.org/docs/Set_block#set::restrict-commands) and
[
antirandom](https://www.unrealircd.org/docs/Set_block#set::antirandom) now use
the new `except` sub-block which is a mask item. The old syntax (e.g.
`set::antirandom::except-webirc`) is still accepted by UnrealIRCd and converted
to the appropriate new setting behind the scenes
(`set::antirandom::except::webirc`). * The modules
[
blacklist](https://www.unrealircd.org/docs/Blacklist_block) and
[
antimixedutf8](https://www.unrealircd.org/docs/Set_block#set::antimixedutf8)
now also support the `except` block (a mask item). * Other than that the
extended functionality is available in these blocks: `allow`, `oper`, `tld`,
`vhost`, `deny channel`, `allow channel`. * Example of direct use in a
::mask item: ``` /* Spanish MOTD for Spanish speaking countries */ tld {
mask { country { ES; AR; BO; CL; CO; CR; DO; EC; SV; GT; HN; MX; NI; PA; PY; PE;
PR; UY; VE; } } motd "motd.es.txt"; rules "rules.es.txt"; }
``` *
Example of defining a security group and using it in a mask item later: ```
security-group irccloud { mask { ip1; ip2; ip3; ip4; } } allow { mask {
security-group irccloud; } class clients; maxperip 128; } except ban {
mask { security-group irccloud; } type { blacklist; connect-flood;
handshake-data-flood; } } ``` * Because the mask item is so powerful now, the
`password` in the [oper
block](https://www.unrealircd.org/docs/Oper_block) is
optional now. * We now support `oper::auto-login`, which means the user will
become IRCOp automatically if they match the conditions on-connect. This can be
used in combination with [certificate
fingerprint](https://www.unrealircd.org/docs/Certificate_fingerprint)
authentication for example: ``` security-group Syzop { certfp "1234etc."; }
oper
Syzop { auto-login yes; mask { security-group Syzop; } operclass
netadmin-with-override; class opers; } except ban { mask { security-
group Syzop; } type all; } ``` * For [JSON
logging](https://www.unrealircd.org/docs/JSON_logging) a number of fields were
added when a client is expanded: * `geoip`: with subitem `country_code`
(e.g. NL) * `tls`: with subitems `cipher` and `certfp` * Under subitem
`users`: * `vhost`: if the visible host differs from the realhost then
this is set (thus for both vhost and cloaked host) * `cloakedhost`: this
is always set (except for e.g. services users), even if the user is not cloaked
so you can easily search on a cloaked host. * `idle_since`: last time the
user has spoken (local clients only) * `channels`: list of channels
(array), with a maximum of 384 chars. * The JSON logging now also strips ASCII
below 32, so color- and control codes. * Support IRCv3 `+draft/channel-
context` * Add `example.es.conf` (Spanish example configuration file) * The
country of users is now communicated in the [message-
tag](https://www.unrealircd.org/docs/Message_tags) `unrealircd.org/geoip` (only
to IRCOps). * Add support for linking servers via UNIX domain sockets
(`link::outgoing::file`). ## Fixes * Crash in `except ban` with `~security-
group:xyz` * Crash if hideserver module was loaded but `LINKS` was not
blocked. * Infinite loop if one security-group referred to another. *
Duplicate entries in the `+beI` lists of `+P` channels. * Regular users were
able to `-o` a service bot (that has umode `+S`) * Module manager did not stop
on compile error * [`set::modes-on-
join`](https://www.unrealircd.org/docs/Set_block#set::modes-on-join) did not
work with `+f` + timed bans properly, e.g. `[3t#b1]:10` * Several log messages
were missing some information. * Reputation syncing across servers had a small
glitch. Fix is mostly useful for servers that were not linked to the network for
days or weeks. ## Changes * Clarified that UnrealIRCd is licensed as "GPLv2
or later" * Fix use of variables in [`set::reject-
message`](https://www.unrealircd.org/docs/Set_block#set::reject-message) and in
[`blacklist::reason`](https://www.unrealircd.org/docs/Blacklist_block):
previously short forms of variables were (unintentionally) expanded as well,
such as `$serv` for `$server`. This is no longer supported, you need to use the
correct full variable names. ## Developers and protocol * The `creationtime`
is now communicated of users. Until now this information was only known locally
(the thing that was communicated that came close was "last nick change" but
that
is not the same). This is synced via (early) moddata across servers. Module
coders can use `get_connected_time()`. * The `RPL_HOSTHIDDEN` is now sent from
`userhost_changed()` so you don't explicitly send it yourself anymore. * The
`SVSO` command is back, so services can make people IRCOp again. See `HELPOP
SVSO` or [the
commit](https://github.com/unrealircd/unrealircd/commit/50e5d91c79
8e7d07ca0c68d9fca302a6b6610786) for more information. * Due to last change the
`HOOKTYPE_LOCAL_OPER` parameters were changed. * Module coders can enhance the
[JSON
logging](https://www.unrealircd.org/docs/JSON_logging) expansion items for
clients and channels via new hooks like `HOOKTYPE_JSON_EXPAND_CLIENT`. This is
used by the geoip and tls modules.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 18 2022 Robert Scheck <robert(a)fedoraproject.org> 6.0.4-1
- Upgrade to 6.0.4 (#2090417)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2090417 - unrealircd-6.0.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2090417
--------------------------------------------------------------------------------