The following Fedora 35 Security updates need testing:
Age URL
45
https://bodhi.fedoraproject.org/updates/FEDORA-2021-4c0f58bf07
mysql-connector-java-8.0.27-1.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2021-22594d9eb0
chromium-96.0.4664.110-3.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2021-bef1126908
mediawiki-1.36.3-1.fc35
2
https://bodhi.fedoraproject.org/updates/FEDORA-2022-d01df8835e
mbedtls-2.16.12-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-d7347d9432
roundcubemail-1.5.2-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-21e8372c42
perl-CPAN-2.29-1.fc35
The following Fedora 35 Critical Path updates have yet to be approved:
Age URL
38
https://bodhi.fedoraproject.org/updates/FEDORA-2021-12f6c46ad8 qemu-6.1.0-13.fc35
10
https://bodhi.fedoraproject.org/updates/FEDORA-2021-fd774f1eaf
libguestfs-1.46.2-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-8800fc9d57
libcap-ng-0.8.2-8.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-312c703bf0
libwebp-1.2.1-2.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2022-c83b2122bf git-2.34.1-1.fc35
The following builds have been pushed to Fedora 35 updates-testing
aisleriot-3.22.20-1.fc35
amavisd-milter-1.7.2-1.fc35
auditwheel-5.1.1-1.fc35
domoticz-2021.1-8.fc35
dunst-1.7.3-2.fc35
efl-1.26.1-1.fc35
enlightenment-0.25.1-1.fc35
fedora-messaging-3.0.0-1.fc35
fotoxx-22.1-1.fc35
gegl04-0.4.34-1.fc35
ghc9.0-9.0.2-3.fc35
ghc9.2-9.2.1-5.fc35
golang-tinygo-x-llvm-0-0.28.20220104git1ddc904.fc35
jdupes-1.20.2-2.fc35
json-3.10.5-1.fc35
libuev-2.4.0-1.fc35
mingw-harfbuzz-2.9.1-1.fc35
mutt-2.1.5-1.fc35
nbdkit-1.28.4-1.fc35
netpbm-10.97.00-1.fc35
perl-HTTP-Message-6.35-1.fc35
perl-Module-cpmfile-0.005-1.fc35
php-composer-semver3-3.2.7-1.fc35
php-pecl-lzf-1.7.0-1.fc35
php-symfony-polyfill-1.23.2-1.fc35
php-twig2-2.14.10-1.fc35
php-twig3-3.3.7-1.fc35
pipx-1.0.0-1.fc35
python-colored-traceback-0.3.0-1.fc35
python-dbusmock-0.25.0-1.fc35
python-executing-0.8.2-1.fc35
python-paramiko-2.9.1-1.fc35
python-pynetdicom-2.0.1-1.fc35
python-pytest-regressions-2.3.0-1.fc35
python-requests-2.27.0-1.fc35
python-trimesh-3.9.39-1.fc35
python-urllib3-1.26.7-2.fc35
python-yfinance-0.1.68-1.fc35
rubygem-rake-compiler-1.1.7-1.fc35
terminology-1.12.1-1.fc35
vdr-epg-daemon-1.2.1-1.fc35
vdr-epg2vdr-1.2.5-1.fc35
wine-7.0-0.4rc4.fc35
wmbusmeters-1.6.0-1.fc35
xpra-4.3-1.fc35
Details about builds:
================================================================================
aisleriot-3.22.20-1.fc35 (FEDORA-2022-a1354d95a9)
A collection of card games
--------------------------------------------------------------------------------
Update Information:
Update to 3.22.20 * Fix Spider 3 Decks with Guile 3
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 David King <amigadave(a)amigadave.com> - 1:3.22.20-1
- Update to 3.22.20
- Fix game logic bug with Guile 3 (#2035617)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2035617 - multiple games broken since update to version 3.22.19
https://bugzilla.redhat.com/show_bug.cgi?id=2035617
--------------------------------------------------------------------------------
================================================================================
amavisd-milter-1.7.2-1.fc35 (FEDORA-2022-685e14684a)
Sendmail milter for amavisd-new using the AM.PDP protocol
--------------------------------------------------------------------------------
Update Information:
# amavisd-milter 1.7.2 ## Bug and compatibility fixies * The `SMTP_AUTH*`
attributes are missing in `policy_bank`
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Robert Scheck <robert(a)fedoraproject.org> 1.7.2-1
- Upgrade to 1.7.2 (#2036828)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2036828 - amavisd-milter-1.7.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2036828
--------------------------------------------------------------------------------
================================================================================
auditwheel-5.1.1-1.fc35 (FEDORA-2022-9207e68699)
Cross-distribution Linux wheels auditing and relabeling
--------------------------------------------------------------------------------
Update Information:
Auditwheel 5.1:
https://github.com/pypa/auditwheel/blob/main/CHANGELOG.md#511
and
https://github.com/pypa/auditwheel/blob/main/CHANGELOG.md#510
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 3 2022 Miro Hron��ok <mhroncok(a)redhat.com> - 5.1.1-1
- Update to 5.1.1
- Fixes: rhbz#2036781
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2036781 - auditwheel-5.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2036781
--------------------------------------------------------------------------------
================================================================================
domoticz-2021.1-8.fc35 (FEDORA-2022-56465832c9)
Open source Home Automation System
--------------------------------------------------------------------------------
Update Information:
Symlink the /usr/share/domoticz/www/templates directory to
/var/lib/domoticz/templates so that users can easily add their custom web page
template files.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 3 2022 Michael Cronenworth <mike(a)cchtml.com> - 2021.1-8
- Symlink web page templates directory (RHBZ#1975094)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1975094 - /usr/share/domoticz/www/templates needs to be writeable by
domoticz
https://bugzilla.redhat.com/show_bug.cgi?id=1975094
--------------------------------------------------------------------------------
================================================================================
dunst-1.7.3-2.fc35 (FEDORA-2022-7119d8cd97)
Lightweight and customizable notification-daemon
--------------------------------------------------------------------------------
Update Information:
Add /usr/bin/dbus-send dependency (#2035681)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 3 2022 Aleksei Bavshin <alebastr(a)fedoraproject.org> - 1.7.3-2
- Add /usr/bin/dbus-send dependency (#2035681)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2035681 - history notifications do not work without dbus-tools
https://bugzilla.redhat.com/show_bug.cgi?id=2035681
--------------------------------------------------------------------------------
================================================================================
efl-1.26.1-1.fc35 (FEDORA-2022-783334b220)
Collection of Enlightenment libraries
--------------------------------------------------------------------------------
Update Information:
Bugfix update. ---- Update efl and enlightenment to latest stable.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 3 2022 Tom Callaway <spot(a)fedoraproject.org> - 1.26.1-1
- update to 1.26.1
* Wed Dec 29 2021 Tom Callaway <spot(a)fedoraproject.org> - 1.26.0-1
- update to 1.26.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2035644 - efl-1.26.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2035644
[ 2 ] Bug #2035645 - enlightenment-0.25.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2035645
[ 3 ] Bug #2036539 - efl-1.26.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2036539
[ 4 ] Bug #2036540 - enlightenment-0.25.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2036540
--------------------------------------------------------------------------------
================================================================================
enlightenment-0.25.1-1.fc35 (FEDORA-2022-783334b220)
Enlightenment window manager
--------------------------------------------------------------------------------
Update Information:
Bugfix update. ---- Update efl and enlightenment to latest stable.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 3 2022 Tom Callaway <spot(a)fedoraproject.org> - 0.25.1-1
- update to 0.25.1
* Wed Dec 29 2021 Tom Callaway <spot(a)fedoraproject.org> - 0.25.0-1
- update to 0.25.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2035644 - efl-1.26.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2035644
[ 2 ] Bug #2035645 - enlightenment-0.25.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2035645
[ 3 ] Bug #2036539 - efl-1.26.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2036539
[ 4 ] Bug #2036540 - enlightenment-0.25.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2036540
--------------------------------------------------------------------------------
================================================================================
fedora-messaging-3.0.0-1.fc35 (FEDORA-2022-9d7ba68576)
Set of tools for using Fedora's messaging infrastructure
--------------------------------------------------------------------------------
Update Information:
Update to version 3.0.0. This is a major release with backwards incompatible
changes, see the release notes for details.
https://fedora-
messaging.readthedocs.io/en/stable/changelog.html
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Aurelien Bompard <abompard(a)fedoraproject.org> - 3.0.0-1
- Update to 3.0.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2029790 - fedora-messaging-3.0.0b1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2029790
--------------------------------------------------------------------------------
================================================================================
fotoxx-22.1-1.fc35 (FEDORA-2022-2e0d648c0b)
Photo editor
--------------------------------------------------------------------------------
Update Information:
22.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Gwyn Ciesla <gwync(a)protonmail.com> - 22.1-1
- 22.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2036428 - fotoxx-22.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2036428
--------------------------------------------------------------------------------
================================================================================
gegl04-0.4.34-1.fc35 (FEDORA-2022-a1c5b18362)
Graph based image processing framework
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2021-45463
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Josef Ridky <jridky(a)redhat.com> - 0.4.34-1
- New upstream release 0.4.34
- Fix CVE-2021-45463
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2035383 - CVE-2021-45463 gegl: shell expansion via a crafted pathname
https://bugzilla.redhat.com/show_bug.cgi?id=2035383
--------------------------------------------------------------------------------
================================================================================
ghc9.0-9.0.2-3.fc35 (FEDORA-2022-ec3fc8de51)
Glasgow Haskell Compiler
--------------------------------------------------------------------------------
Update Information:
ghc-9.0.2 which can be parallel installed next to the ghc package
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 31 2021 Jens Petersen <petersen(a)redhat.com> - 9.0.2-3
- add compiler-default subpackage
- move docs to ghc9.0/ dir
- add 9.0 suffix to ghc.1 manpage
* Sun Dec 26 2021 Jens Petersen <petersen(a)redhat.com> - 9.0.2-2
- update to 9.0.2
-
https://downloads.haskell.org/~ghc/9.0.2/docs/html/users_guide/9.0.2-note...
- use llvm11 for ARM
* Thu Dec 23 2021 Jens Petersen <petersen(a)redhat.com> - 9.0.1-1
- initial package derived from ghc:9.0 and ghc9.2
-
https://downloads.haskell.org/ghc/9.0.1/docs/html/users_guide/9.0.1-notes...
- uses llvm10 on ARM archs
--------------------------------------------------------------------------------
================================================================================
ghc9.2-9.2.1-5.fc35 (FEDORA-2022-c2afbe3d1d)
Glasgow Haskell Compiler
--------------------------------------------------------------------------------
Update Information:
- new compiler-default subpackage - can now be parallel installed including doc
subpackages - enable the armv7 VFPv3D16 patch
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 31 2021 Jens Petersen <petersen(a)redhat.com> - 9.2.1-5
- enable the armv7 VFPv3D16 patch
* Wed Dec 29 2021 Jens Petersen <petersen(a)redhat.com> - 9.2.1-4
- place docs under ghc9.2, so they can also be parallel installed
- make hadrian perf build respect ghc_prof
* Mon Dec 27 2021 Jens Petersen <petersen(a)redhat.com> - 9.2.1-3
- compiler-default subpackage can provide the unversioned bindir files
--------------------------------------------------------------------------------
================================================================================
golang-tinygo-x-llvm-0-0.28.20220104git1ddc904.fc35 (FEDORA-2022-cc95216a6a)
Go bindings to a system-installed LLVM
--------------------------------------------------------------------------------
Update Information:
Update to latest commit
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> 0-0.28
- Update to latest commit
--------------------------------------------------------------------------------
================================================================================
jdupes-1.20.2-2.fc35 (FEDORA-2022-d188fec35d)
Duplicate file finder and an enhanced fork of 'fdupes'
--------------------------------------------------------------------------------
Update Information:
Enable dedupe support in jdupes(1)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 David Cantrell <dcantrell(a)redhat.com> - 1.20.2-2
- Forgot to update the sources file in dist-git
* Tue Jan 4 2022 David Cantrell <dcantrell(a)redhat.com> - 1.20.2-1
- Drop Makefile patch, pass ENABLE_DEDPUE=1 HARDEN=1 to build
- Upgrade to jdupes-1.20.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1988738 - Does not actually ENABLE_DEDUPE during compile for btrfs CoW
deduplication
https://bugzilla.redhat.com/show_bug.cgi?id=1988738
--------------------------------------------------------------------------------
================================================================================
json-3.10.5-1.fc35 (FEDORA-2022-74f9f34f07)
JSON for Modern C++
--------------------------------------------------------------------------------
Update Information:
Updated to version 3.10.5.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Vitaly Zaitsev <vitaly(a)easycoding.org> - 3.10.5-1
- Updated to version 3.10.5.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2036749 - json-3.10.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2036749
--------------------------------------------------------------------------------
================================================================================
libuev-2.4.0-1.fc35 (FEDORA-2022-3d1eb90951)
Simple event loop for Linux
--------------------------------------------------------------------------------
Update Information:
Update to 2.4.0
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 3 2021 Alessio <alessio(a)fedoraproject.org> - 2.4.0-1
- New release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2010095 - libuev-2.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2010095
--------------------------------------------------------------------------------
================================================================================
mingw-harfbuzz-2.9.1-1.fc35 (FEDORA-2022-a03b13b4d2)
MinGW Windows Harfbuzz library
--------------------------------------------------------------------------------
Update Information:
Update to 2.9.1 to fix CVE-2021-45931.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Sandro Mani <manisandro(a)gmail.com> - 2.9.1-1
- Update to 2.9.1
- Fixes CVE-2021-45931
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2036822 - CVE-2021-45931 mingw-harfbuzz: harfbuzz: out-of-bounds write in
hb_bit_set_invertible_t::set [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2036822
--------------------------------------------------------------------------------
================================================================================
mutt-2.1.5-1.fc35 (FEDORA-2022-09aadfc401)
A text mode mail user agent
--------------------------------------------------------------------------------
Update Information:
Upgrade to 2.1.5
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 3 2022 Matej Mu��ila <mmuzila(a)redhat.com> - 5:2.1.5-1
- Upgrade to 2.1.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2031422 - mutt-2.1.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2031422
--------------------------------------------------------------------------------
================================================================================
nbdkit-1.28.4-1.fc35 (FEDORA-2022-c41a57e65e)
NBD server
--------------------------------------------------------------------------------
Update Information:
New upstream stable branch version 1.28.4
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Richard W.M. Jones <rjones(a)redhat.com> - 1.28.4-1
- New upstream stable branch version 1.28.4
--------------------------------------------------------------------------------
================================================================================
netpbm-10.97.00-1.fc35 (FEDORA-2022-98fd620013)
A library for handling different graphics file formats
--------------------------------------------------------------------------------
Update Information:
New upstream release 10.97.00
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 3 2022 Josef Ridky <jridky(a)redhat.com> - 10.97.00-1
- New upstream release 10.97.00 (#2035806)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2035806 - netpbm-10.97.00 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2035806
--------------------------------------------------------------------------------
================================================================================
perl-HTTP-Message-6.35-1.fc35 (FEDORA-2022-5bb8ca4ef4)
HTTP style message
--------------------------------------------------------------------------------
Update Information:
Changes: * Clarify documentation for decoded_content (GH#166) (Eric Wastl)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Michal Josef ��pa��ek <mspacek(a)redhat.com> - 6.35-1
- 6.35 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2022551 - perl-HTTP-Message-6.35 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2022551
--------------------------------------------------------------------------------
================================================================================
perl-Module-cpmfile-0.005-1.fc35 (FEDORA-2022-a6e56ac54d)
Parse cpmfile
--------------------------------------------------------------------------------
Update Information:
0.005 - Add from_cpanmeta method 0.004 - Add to_string method
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Jitka Plesnikova <jplesnik(a)redhat.com> - 0.005-1
- 0.005 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2036437 - perl-Module-cpmfile-0.005 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2036437
--------------------------------------------------------------------------------
================================================================================
php-composer-semver3-3.2.7-1.fc35 (FEDORA-2022-83efd1d35c)
Semver library version 3
--------------------------------------------------------------------------------
Update Information:
**Version 3.2.7** 2022-01-04 * Fixed: typo in type definition of Intervals
class causing issues with Psalm scanning vendors
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Remi Collet <remi(a)remirepo.net> - 3.2.7-1
- update to 3.2.7
--------------------------------------------------------------------------------
================================================================================
php-pecl-lzf-1.7.0-1.fc35 (FEDORA-2022-f57f2667da)
Extension to handle LZF de/compression
--------------------------------------------------------------------------------
Update Information:
**Version 1.7.0** - add type hinting
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Remi Collet <remi(a)remirepo.net> - 1.7.0-1
- update to 1.7.0
--------------------------------------------------------------------------------
================================================================================
php-symfony-polyfill-1.23.2-1.fc35 (FEDORA-2022-1584e73845)
Symfony polyfills backporting features to lower PHP versions
--------------------------------------------------------------------------------
Update Information:
Version 2.13.2
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Remi Collet <remi(a)remirepo.net> - 1.23.2-1
- update to 1.23.2
--------------------------------------------------------------------------------
================================================================================
php-twig2-2.14.10-1.fc35 (FEDORA-2022-9c26236790)
The flexible, fast, and secure template engine for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 2.14.10** (2022-01-03) * Allow more null arguments when Twig expects
a string (for better 8.1 support) ---- **Version 2.14.9** (2022-01-03) *
Allow null when Twig expects a string (for better 8.1 support) * Add support for
PHP 7.1 back * Make some performance optimizations * Allow Symfony translation
contract v3+
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Remi Collet <remi(a)remirepo.net> - 2.14.10-1
- update to 2.14.10
* Mon Jan 3 2022 Remi Collet <remi(a)remirepo.net> - 2.14.9-1
- update to 2.14.9
--------------------------------------------------------------------------------
================================================================================
php-twig3-3.3.7-1.fc35 (FEDORA-2022-6ee02ed4e1)
The flexible, fast, and secure template engine for PHP
--------------------------------------------------------------------------------
Update Information:
**Version 3.3.7** (2022-01-03) * Allow more null support when Twig expects a
string (for better 8.1 support) * Only use Commonmark extensions if markdown
enabled ---- **Version 3.3.6** (2022-01-03) * Only use Commonmark extensions
if markdown enabled ---- **Version 3.3.5** (2022-01-03) * Allow CommonMark
extensions to easily be added * Allow null when Twig expects a string (for
better 8.1 support) * Make some performance optimizations * Allow Symfony
translation contract v3+
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Remi Collet <remi(a)remirepo.net> - 3.3.7-1
- update to 3.3.7
* Mon Jan 3 2022 Remi Collet <remi(a)remirepo.net> - 3.3.6-1
- update to 3.3.6
* Mon Jan 3 2022 Remi Collet <remi(a)remirepo.net> - 3.3.5-1
- update to 3.3.5
--------------------------------------------------------------------------------
================================================================================
pipx-1.0.0-1.fc35 (FEDORA-2022-07bb937262)
Install and run Python applications in isolated environments
--------------------------------------------------------------------------------
Update Information:
Update to 1.0.0, and drop hand-written downstream man pages in favor of the new
generated man page provided by upstream. **1.0.0** - Support [argcomplete
2.0.0](https://pypi.org/project/argcomplete/2.0.0) (#790) - Include machinery to
build a manpage for pipx with [argparse-
manpage](https://pypi.org/project/argparse-manpage/). - Add better handling for
'app not found' when a single app is present in the project, and an improved
error message - Fixed animations sending output to stdout, which can break JSON
output. - Fix typo in `pipx upgrade-all` output **0.17.0** - Support `pipx
run` with version constraints and extras.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 1.0.0-1
- Update to 1.0.0 (close RHBZ#2007950)
* Fri Dec 10 2021 Benjamin A. Beasley <code(a)musicinmybrain.net> 0.16.5-7
- Don���t bother setting PYTHONPATH for register-python-argcomplete
* Tue Dec 7 2021 Benjamin A. Beasley <code(a)musicinmybrain.net> 0.16.5-6
- Simplify PYTHONPATH for generating completions
* Tue Dec 7 2021 Benjamin A. Beasley <code(a)musicinmybrain.net> 0.16.5-5
- Generate completions without a temporary install
* Fri Oct 29 2021 Benjamin A. Beasley <code(a)musicinmybrain.net> 0.16.5-4
- Use the new %pyproject_check_import macro
* Mon Oct 25 2021 Benjamin A. Beasley <code(a)musicinmybrain.net> 0.16.5-3
- Use %python3 macro instead of %__python3
* Tue Sep 28 2021 Benjamin A. Beasley <code(a)musicinmybrain.net> 0.16.5-2
- Update spec file comment about mkdocs
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2007950 - pipx-0.17.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2007950
--------------------------------------------------------------------------------
================================================================================
python-colored-traceback-0.3.0-1.fc35 (FEDORA-2022-e3f50b7638)
A library to color exception traces
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 17 2021 W. Michael Petullo <mike(a)flyn.org> - 0.3.0-1
- Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2033702 - F36FailsToInstall: python3-pwntools
https://bugzilla.redhat.com/show_bug.cgi?id=2033702
[ 2 ] Bug #2033730 - Review Request: python-colored-traceback - a library to color
exception traces
https://bugzilla.redhat.com/show_bug.cgi?id=2033730
--------------------------------------------------------------------------------
================================================================================
python-dbusmock-0.25.0-1.fc35 (FEDORA-2022-1022269505)
Mock D-Bus objects
--------------------------------------------------------------------------------
Update Information:
- bluez template: Implement adapter discovery, connect, disconnect, and removal
(thanks Bastien Nocera) - Fix changing array properties (thanks Jonas ��dahl) -
Fix CLI upower tests (thanks Marco Trevisan) - Add testing and Fedora updating
through packit
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 25 2021 Packit Service <user-cont-team+packit-service(a)redhat.com> -
0.25.0-1
- bluez template: Implement adapter discovery, connect, disconnect, and removal
(thanks Bastien Nocera)
- Fix changing array properties (thanks Jonas ��dahl)
- Fix CLI upower tests (thanks Marco Trevisan)
- Add testing and Fedora updating through packit
--------------------------------------------------------------------------------
================================================================================
python-executing-0.8.2-1.fc35 (FEDORA-2022-88986e0176)
Python library for inspecting the current frame run footprint
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 27 2021 Roman Inflianskas <rominf(a)aiven.io> - 0.8.2-1
- Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2035875 - Review Request: python-executing - Python library for inspecting
the current frame run footprint
https://bugzilla.redhat.com/show_bug.cgi?id=2035875
--------------------------------------------------------------------------------
================================================================================
python-paramiko-2.9.1-1.fc35 (FEDORA-2022-ddd33f1a78)
SSH2 protocol library for python
--------------------------------------------------------------------------------
Update Information:
This update adds support for SHA-2 variants of RSA key verification algorithms
(as described in RFC 8332) as well as limited SSH extension negotiation (RFC
8308).
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 25 2021 Paul Howarth <paul(a)city-fan.org> - 2.9.1-1
- Update to 2.9.1
- Server-side support for 'rsa-sha2-256' and 'ssh-rsa' wasn't fully
operable
after 2.9.0's release (signatures for RSA pubkeys were always run through
'rsa-sha2-512' instead) (GH#1935)
* Fri Dec 24 2021 Paul Howarth <paul(a)city-fan.org> - 2.9.0-1
- Update to 2.9.0
- Add support for SHA-2 variants of RSA key verification algorithms (as
described in RFC 8332) as well as limited SSH extension negotiation (RFC
8308) (GH#1326, GH#1643, GH#1644, GH#1925)
How SSH servers/clients decide when and how to use this functionality can be
complicated; Paramiko's support is as follows:
- Client verification of server host key during key exchange will now prefer
rsa-sha2-512, rsa-sha2-256, and legacy ssh-rsa algorithms, in that order,
instead of just ssh-rsa
- Note that the preference order of other algorithm families such as
ed25519 and ecdsa has not changed; for example, those two groups are still
preferred over RSA
- Server mode will now offer all 3 RSA algorithms for host key verification
during key exchange, similar to client mode, if it has been configured
with an RSA host key
- Client mode key exchange now sends the ext-info-c flag signaling support
for MSG_EXT_INFO, and support for parsing the latter (specifically, its
server-sig-algs flag) has been added
- Client mode, when performing public key authentication with an RSA key or
cert, will act as follows:
- In all cases, the list of algorithms to consider is based on the new
preferred_pubkeys list and disabled_algorithms; this list, like with
host keys, prefers SHA2-512, SHA2-256 and SHA1, in that order
- When the server does not send server-sig-algs, Paramiko will attempt
the first algorithm in the above list; clients connecting to legacy
servers should thus use disabled_algorithms to turn off SHA2
- When the server does send server-sig-algs, the first algorithm
supported by both ends is used, or if there is none, it falls back to
the previous behavior
- SSH agent support grew the ability to specify algorithm flags when
requesting private key signatures; this is now used to forward SHA2
algorithms when appropriate
- Server mode is now capable of pubkey auth involving SHA-2 signatures from
clients, provided one's server implementation actually provides for doing
so; this includes basic support for sending MSG_EXT_INFO (containing
server-sig-algs only) to clients advertising ext-info-c in their key
exchange list
In order to implement the above, the following API additions were made:
- 'PKey.sign_ssh_data <paramiko.pkey.PKey>': Grew an extra, optional
'algorithm' keyword argument (defaulting to 'None' for most
subclasses,
and to "ssh-rsa" for '~paramiko.rsakey.RSAKey')
- A new '~paramiko.ssh_exception.SSHException' subclass was added,
'~paramiko.ssh_exception.IncompatiblePeer', and is raised in all spots
where key exchange aborts due to algorithmic incompatibility; like all
other exceptions in that module, it inherits from 'SSHException', and as
nothing else was changed about the raising (i.e. the attributes and
message text are the same) this change is backwards compatible
- '~paramiko.transport.Transport' grew a '_preferred_pubkeys'
attribute and
matching 'preferred_pubkeys' property to match the other, kex-focused,
such members; this allows client pubkey authentication to honor the
'disabled_algorithms' feature
* Mon Nov 29 2021 Paul Howarth <paul(a)city-fan.org> - 2.8.1-1
- Update to 2.8.1
- Fix listdir failure when server uses a locale (GH#985, GH#992); now on
Python 2.7 SFTPAttributes will decode abbreviated month names correctly
rather than raise 'UnicodeDecodeError'
- Deleting items from '~paramiko.hostkeys.HostKeys' would incorrectly raise
'KeyError' even for valid keys, due to a logic bug (GH#1024)
- Update RSA and ECDSA key decoding subroutines to correctly catch exception
types thrown by modern versions of Cryptography (specifically 'TypeError'
and its internal 'UnsupportedAlgorithm') (GH#1257, GH#1266); these
exception classes will now become '~paramiko.ssh_exception.SSHException'
instances instead of bubbling up
- Update '~paramiko.pkey.PKey' and subclasses to compare ('__eq__') via
direct field/attribute comparison instead of hashing (while retaining the
existing behavior of '__hash__' via a slight refactor) (GH#908)
Warning:
This fixes a security flaw! If you are running Paramiko on 32-bit systems
with low entropy (such as any 32-bit Python 2, or a 32-bit Python 3 that is
running with 'PYTHONHASHSEED=0') it is possible for an attacker to craft a
new keypair from an exfiltrated public key, which Paramiko would consider
equal to the original key.
This could enable attacks such as, but not limited to, the following:
- Paramiko server processes would incorrectly authenticate the attacker
(using their generated private key) as if they were the victim. We see
this as the most plausible attack using this flaw.
- Paramiko client processes would incorrectly validate a connected server
(when host key verification is enabled) while subjected to a
man-in-the-middle attack. This impacts more users than the server-side
version, but also carries higher requirements for the attacker, namely
successful DNS poisoning or other MITM techniques.
* Mon Oct 11 2021 Paul Howarth <paul(a)city-fan.org> - 2.8.0-1
- Update to 2.8.0
- Administrivia overhaul, including but not limited to:
- Migrate CI to CircleCI
- Primary dev branch is now 'main' (renamed)
- Many README edits for clarity, modernization etc.; including a bunch more
(and consistent) status badges and unification with main project site
index
- PyPI page much more fleshed out (long_description is now filled in with
the README; sidebar links expanded; etc.)
- flake8, pytest configs split out of setup.cfg into their own files
- Invoke/invocations (used by maintainers/contributors) upgraded to modern
versions
- Newer server-side key exchange algorithms not intended to use SHA1
(diffie-hellman-group14-sha256, diffie-hellman-group16-sha512) were
incorrectly using SHA1 after all, due to a bug causing them to ignore the
'hash_algo' class attribute; this has been corrected (GH#1452, GH#1882)
- Add a 'prefetch' keyword argument to
'SFTPClient.get'/'SFTPClient.getfo' so
that users who need to skip SFTP prefetching are able to conditionally turn
it off (GH#1846)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1775693 - paramiko lacks support for rsa-sha2-256, leads to
AuthenticationException
https://bugzilla.redhat.com/show_bug.cgi?id=1775693
--------------------------------------------------------------------------------
================================================================================
python-pynetdicom-2.0.1-1.fc35 (FEDORA-2022-1e897f56c9)
A Python implementation of the DICOM networking protocol
--------------------------------------------------------------------------------
Update Information:
Update to 2.0.1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Alessio <alciregi AT fedoraproject DOT org> - 2.0.1-1
- Update to 2.0.1
* Mon Dec 27 2021 Alessio <alciregi AT fedoraproject DOT org> - 2.0.0-1
- Update to 2.0.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2036117 - python-pynetdicom-2.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2036117
--------------------------------------------------------------------------------
================================================================================
python-pytest-regressions-2.3.0-1.fc35 (FEDORA-2022-70a01a2dca)
Pytest fixtures for writing regression tests
--------------------------------------------------------------------------------
Update Information:
Changes in version 2.3.0: * `#54 <
https://github.com/ESSS/pytest-
regressions/pull/54>`__: New ``--with-test-class-names`` command-line flag to
consider test class names when composing the expected and obtained data
filenames. Needed when the same module contains different classes with the same
method names. * `#74 <
https://github.com/ESSS/pytest-regressions/pull/74>`__:
Fix ``empty string bug`` on dataframe regression.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Jerry James <loganjerry(a)gmail.com> - 2.3.0-1
- Version 2.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2036917 - python-pytest-regressions-2.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2036917
--------------------------------------------------------------------------------
================================================================================
python-requests-2.27.0-1.fc35 (FEDORA-2022-104704f78a)
HTTP library, written in Python, for human beings
--------------------------------------------------------------------------------
Update Information:
This update provides a new version of requests with a couple of bug fixes, and
drops the unbundling of `match_hostname` in urllib3 which caused
`DeprecationWarning`s in most code that used requests or urllib3.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Adam Williamson <awilliam(a)redhat.com> - 2.27.0-1
- Update to 2.27.0
- Re-enable test_https_warnings as it works with pytest-httpbin 1.0.0 now
- Re-enable test_pyopenssl_redirect, it seems to work too
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2009550 - "DeprecationWarning: ssl.match_hostname() is deprecated"
on Fedora 35 / Rawhide (Python 3.10)
https://bugzilla.redhat.com/show_bug.cgi?id=2009550
--------------------------------------------------------------------------------
================================================================================
python-trimesh-3.9.39-1.fc35 (FEDORA-2022-19d18ba45c)
Import, export, process, analyze and view triangular meshes
--------------------------------------------------------------------------------
Update Information:
Update to 3.9.39 with minor bug fixes:
https://github.com/mikedh/trimesh/compare/3.9.36...3.9.39
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 3.9.39-1
- Update to 3.9.39 (close RHBZ#2036543)
* Tue Jan 4 2022 Benjamin A. Beasley <code(a)musicinmybrain.net> 3.9.36-2
- Fix missing %autorelease
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2036543 - python-trimesh-3.9.39 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2036543
--------------------------------------------------------------------------------
================================================================================
python-urllib3-1.26.7-2.fc35 (FEDORA-2022-104704f78a)
Python HTTP library with thread-safe connection pooling and file post
--------------------------------------------------------------------------------
Update Information:
This update provides a new version of requests with a couple of bug fixes, and
drops the unbundling of `match_hostname` in urllib3 which caused
`DeprecationWarning`s in most code that used requests or urllib3.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Adam Williamson <awilliam(a)redhat.com> - 1.26.7-2
- Stop unbundling ssl.match_hostname, it's deprecated upstream (#2009550)
* Sun Sep 26 2021 Kevin Fenzi <kevin(a)scrye.com> - 1.26.7-1
- Update to 1.26.7. Fixes rhbz#2006973
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2009550 - "DeprecationWarning: ssl.match_hostname() is deprecated"
on Fedora 35 / Rawhide (Python 3.10)
https://bugzilla.redhat.com/show_bug.cgi?id=2009550
--------------------------------------------------------------------------------
================================================================================
python-yfinance-0.1.68-1.fc35 (FEDORA-2022-d5681b6aac)
Yahoo! Finance market data downloader
--------------------------------------------------------------------------------
Update Information:
Update to 0.1.68
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Major Hayden <major(a)mhtx.net> 0.1.68-1
- Update to 0.1.68
--------------------------------------------------------------------------------
================================================================================
rubygem-rake-compiler-1.1.7-1.fc35 (FEDORA-2022-f79f07a806)
Rake-based Ruby C Extension task generator
--------------------------------------------------------------------------------
Update Information:
New version 1.1.7 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Mamoru TASAKA <mtasaka(a)fedoraproject.org> - 1.1.7-1
- 1.1.7
--------------------------------------------------------------------------------
================================================================================
terminology-1.12.1-1.fc35 (FEDORA-2022-69f6e74196)
EFL based terminal emulator
--------------------------------------------------------------------------------
Update Information:
With the new year comes a new release of Terminology with some exciting changes.
Additions * New default theme! New screenshots on [About
Terminology](https://www.enlightenment.org/about-terminology.md) Improvements
* Support EFL 1-26 or newer only * Colorschemes generate their own configuration
file, allowing for easy management of outside contributions
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 3 2022 Conrad Meyer <cem(a)FreeBSD.org> - 1.12.1-1
- Update to 1.12.1 (#2022499)
* Mon Jan 3 2022 Conrad Meyer <cem(a)FreeBSD.org> - 1.12.0-1
- Update to 1.12.0 (#2022499)
- Bump EFL depend to 1.26 per upstream
* Thu Oct 21 2021 Ding-Yi Chen <dchen(a)redhat.com> - 1.10.0-2
- ExcludeArch s390x because of missing dependencies
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2022499 - terminology-1.12.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2022499
--------------------------------------------------------------------------------
================================================================================
vdr-epg-daemon-1.2.1-1.fc35 (FEDORA-2022-92319d00f1)
A daemon to download EPG data from internet and manage it in a mysql database
--------------------------------------------------------------------------------
Update Information:
Update to 1.2.1-1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Martin Gansser <martinkg(a)fedoraproject.org> - 1.2.1-1
- Update to 1.2.1
* Thu Dec 30 2021 Martin Gansser <martinkg(a)fedoraproject.org> - 1.1.165-7
- Rebuilt for new VDR API version
* Tue Sep 14 2021 Sahana Prasad <sahana(a)redhat.com> - 1.1.165-6
- Rebuilt with OpenSSL 3.0.0
--------------------------------------------------------------------------------
================================================================================
vdr-epg2vdr-1.2.5-1.fc35 (FEDORA-2022-09ab9a0732)
A plugin to retrieve EPG data from a mysql database into VDR
--------------------------------------------------------------------------------
Update Information:
Update to 1.2.5-1 ---- Update to 1.2.3-1 ---- Update to 1.2.0-1
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Martin Gansser <martinkg(a)fedoraproject.org> - 1.2.5-1
- Update to 1.2.5
* Mon Jan 3 2022 Martin Gansser <martinkg(a)fedoraproject.org> - 1.2.3-1
- Update to 1.2.3
* Fri Dec 31 2021 Martin Gansser <martinkg(a)fedoraproject.org> - 1.2.0-1
- Update to 1.2.0
* Thu Dec 30 2021 Martin Gansser <martinkg(a)fedoraproject.org> - 1.1.118-8
- Rebuilt for new VDR API version
- Add vdr-epg2vdr-2.5.4.patch
* Tue Sep 14 2021 Sahana Prasad <sahana(a)redhat.com> - 1.1.118-7
- Rebuilt with OpenSSL 3.0.0
--------------------------------------------------------------------------------
================================================================================
wine-7.0-0.4rc4.fc35 (FEDORA-2022-1dedcde17e)
A compatibility layer for windows applications
--------------------------------------------------------------------------------
Update Information:
https://www.winehq.org/announce/7.0-rc4 ----
https://www.winehq.org/announce/7.0-rc3 https://www.winehq.org/announce/7.0-rc2
https://www.winehq.org/announce/7.0-rc1 https://www.winehq.org/announce/6.23
https://www.winehq.org/announce/6.22
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 3 2022 Michael Cronenworth <mike(a)cchtml.com> 7.0-0.1rc4
- version update
* Mon Jan 3 2022 FeRD (Frank Dana) <ferdnyc(a)gmail.com> 7.0-0.3rc3
- Silence messages from expected failures during rpm scriptlets
* Mon Dec 27 2021 Bj��rn Esser <besser82(a)fedoraproject.org> - 7.0-0.2rc3
- version update
--------------------------------------------------------------------------------
================================================================================
wmbusmeters-1.6.0-1.fc35 (FEDORA-2022-e55b2ac143)
Read the wireless mbus protocol to acquire utility meter readings
--------------------------------------------------------------------------------
Update Information:
Update to 1.6.0 (rhbz#2020903)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 4 2022 Damian Wrobel <dwrobel(a)ertelnet.rybnik.pl> - 1.6.0-1
- Update to 1.6.0 (rhbz#2020903)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2020903 - wmbusmeters-1.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2020903
--------------------------------------------------------------------------------
================================================================================
xpra-4.3-1.fc35 (FEDORA-2022-14aa376dae)
Remote display server for applications and desktops
--------------------------------------------------------------------------------
Update Information:
- Release 4.3
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 17 2021 Antonio Trande <sagitter(a)fedoraproject.org> - 4.3.0-1
- Release 4.3
* Wed Oct 6 2021 Antonio Trande <sagitter(a)fedoraproject.org> - 4.2.3-1
- Release 4.2.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2033399 - xpra-4.3.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2033399
--------------------------------------------------------------------------------