The following Fedora 35 Security updates need testing:
Age URL
9
https://bodhi.fedoraproject.org/updates/FEDORA-2021-4b190fd271 qt-4.8.7-65.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2021-6988830606
vim-8.2.3512-1.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2021-9818cabe0d
nodejs-16.11.1-1.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2021-04bfae8300
python-reportlab-3.6.2-1.fc35
3
https://bodhi.fedoraproject.org/updates/FEDORA-2021-1acbee2459
python-django-filter-21.1-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2021-02d218c3be php-8.0.12-1.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2021-107c8c5063
java-1.8.0-openjdk-1.8.0.312.b07-1.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2021-eb3e3e87d3
java-11-openjdk-11.0.13.0.8-1.fc35
The following Fedora 35 Critical Path updates have yet to be approved:
Age URL
14
https://bodhi.fedoraproject.org/updates/FEDORA-2021-71f294e1ec
breeze-icon-theme-5.87.0-1.fc35 extra-cmake-modules-5.87.0-1.fc35 kf5-5.87.0-1.fc35
kf5-attica-5.87.0-1.fc35 kf5-baloo-5.87.0-1.fc35 kf5-bluez-qt-5.87.0-1.fc35
kf5-frameworkintegration-5.87.0-1.fc35 kf5-kactivities-5.87.0-1.fc35
kf5-kactivities-stats-5.87.0-1.fc35 kf5-kapidox-5.87.0-1.fc35 kf5-karchive-5.87.0-1.fc35
kf5-kauth-5.87.0-1.fc35 kf5-kbookmarks-5.87.0-1.fc35 kf5-kcalendarcore-5.87.0-1.fc35
kf5-kcmutils-5.87.0-1.fc35 kf5-kcodecs-5.87.0-1.fc35 kf5-kcompletion-5.87.0-1.fc35
kf5-kconfig-5.87.0-1.fc35 kf5-kconfigwidgets-5.87.0-1.fc35 kf5-kcontacts-5.87.0-1.fc35
kf5-kcoreaddons-5.87.0-1.fc35 kf5-kcrash-5.87.0-1.fc35 kf5-kdav-5.87.0-1.fc35
kf5-kdbusaddons-5.87.0-1.fc35 kf5-kdeclarative-5.87.0-1.fc35 kf5-kded-5.87.0-1.fc35
kf5-kdelibs4support-5.87.0-1.fc35 kf5-kdesignerplugin-5.87.0-1.fc35
kf5-kdesu-5.87.0-1.fc35 kf5-kdewebkit-5.87.0-1.fc35 kf5-kdnssd-5.87.0-1.fc35
kf5-kdoctools-5.87.0-1.fc35 kf5-kemoticons-5.87
.0-1.fc35 kf5-kfilemetadata-5.87.0-1.fc35 kf5-kglobalaccel-5.87.0-1.fc35
kf5-kguiaddons-5.87.0-1.fc35 kf5-kholidays-5.87.0-1.fc35 kf5-khtml-5.87.0-1.fc35
kf5-ki18n-5.87.0-1.fc35 kf5-kiconthemes-5.87.0-1.fc35 kf5-kidletime-5.87.0-1.fc35
kf5-kimageformats-5.87.0-1.fc35 kf5-kinit-5.87.0-1.fc35 kf5-kio-5.87.0-1.fc35
kf5-kirigami2-5.87.0-1.fc35 kf5-kitemmodels-5.87.0-1.fc35 kf5-kitemviews-5.87.0-1.fc35
kf5-kjobwidgets-5.87.0-1.fc35 kf5-kjs-5.87.0-1.fc35 kf5-kjsembed-5.87.0-1.fc35
kf5-kmediaplayer-5.87.0-1.fc35 kf5-knewstuff-5.87.0-1.fc35
kf5-knotifications-5.87.0-1.fc35 kf5-knotifyconfig-5.87.0-1.fc35
kf5-kpackage-5.87.0-1.fc35 kf5-kparts-5.87.0-1.fc35 kf5-kpeople-5.87.0-1.fc35
kf5-kplotting-5.87.0-1.fc35 kf5-kpty-5.87.0-1.fc35 kf5-kquickcharts-5.87.0-1.fc35
kf5-kross-5.87.0-1.fc35 kf5-krunner-5.87.0-1.fc35 kf5-kservice-5.87.0-1.fc35
kf5-ktexteditor-5.87.0-1.fc35 kf5-ktextwidgets-5.87.0-1.fc35
kf5-kunitconversion-5.87.0-1.fc35 kf5-kwallet-5.87.0-1.fc35 kf5-kwayland-5.87.0-1.fc35
kf5-kwid
getsaddons-5.87.0-1.fc35 kf5-kwindowsystem-5.87.0-1.fc35 kf5-kxmlgui-5.87.0-1.fc35
kf5-kxmlrpcclient-5.87.0-1.fc35 kf5-modemmanager-qt-5.87.0-1.fc35
kf5-networkmanager-qt-5.87.0-1.fc35 kf5-plasma-5.87.0-1.fc35 kf5-prison-5.87.0-1.fc35
kf5-purpose-5.87.0-1.fc35 kf5-solid-5.87.0-1.fc35 kf5-sonnet-5.87.0-1.fc35
kf5-syndication-5.87.0-1.fc35 kf5-syntax-highlighting-5.87.0-1.fc35
kf5-threadweaver-5.87.0-1.fc35 oxygen-icon-theme-5.87.0-1.fc35
plasma-wayland-protocols-1.4.0-1.fc35 qqc2-desktop-style-5.87.0-1.fc35
9
https://bodhi.fedoraproject.org/updates/FEDORA-2021-4b190fd271 qt-4.8.7-65.fc35
7
https://bodhi.fedoraproject.org/updates/FEDORA-2021-ef6c1281aa
sddm-0.19.0-16.fc35
5
https://bodhi.fedoraproject.org/updates/FEDORA-2021-6988830606
vim-8.2.3512-1.fc35
1
https://bodhi.fedoraproject.org/updates/FEDORA-2021-e83de2541a
gnome-online-accounts-3.40.1-1.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2021-a98532af5e
kernel-5.14.14-300.fc35
0
https://bodhi.fedoraproject.org/updates/FEDORA-2021-d3cb1609c8
fedora-third-party-0.8-1.fc35 selinux-policy-35.3-1.20211019git94970fc.fc35
The following builds have been pushed to Fedora 35 updates-testing
dnf-plugins-core-4.0.24-1.fc35
libinput-1.19.2-1.fc35
notmuch-0.34-1.fc35
perl-Alien-Build-2.44-1.fc35
perl-CBOR-XS-1.84-1.fc35
perl-CHI-0.61-1.fc35
perl-Test2-Harness-1.0.74-1.fc35
php-clue-block-react-1.5.0-1.fc35
php-guzzlehttp-promises-1.5.0-1.fc35
php-guzzlehttp-psr7-1.8.3-1.fc35
php-react-promise-stream-1.3.0-1.fc35
pipewire-0.3.39-1.fc35
python-pystemd-0.10.0-1.fc35
python-pytest-postgresql-3.1.2-1.fc35
strongswan-5.9.4-1.fc35
vdr-2.4.7-5.fc35
wget-1.21.2-2.fc35
xorg-x11-server-Xwayland-21.1.2.901-1.fc35
Details about builds:
================================================================================
dnf-plugins-core-4.0.24-1.fc35 (FEDORA-2021-bcda66e5e3)
Core Plugins for DNF
--------------------------------------------------------------------------------
Update Information:
- Update to 4.0.24 - [copr] on CentOS Stream, enable centos stream chroot
instead of not epel 8 (RhBug:1994154) - [copr] Avoid using deprecated function
distro.linux_distribution() (RhBug:2011550) - [copr] don't traceback on empty
lines in /etc/os-release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2021 Pavla Kratochvilova <pkratoch(a)redhat.com> - 4.0.24-1
- Update to 4.0.24
- [copr] on CentOS Stream, enable centos stream chroot instead of not epel 8
(RhBug:1994154)
- [copr] Avoid using deprecated function distro.linux_distribution() (RhBug:2011550)
- [copr] don't traceback on empty lines in /etc/os-release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2011550 - dnf-plugins-core uses distro.linux_distribution(), deprecated in
distro 1.6.0
https://bugzilla.redhat.com/show_bug.cgi?id=2011550
--------------------------------------------------------------------------------
================================================================================
libinput-1.19.2-1.fc35 (FEDORA-2021-efde2882ae)
Input device library
--------------------------------------------------------------------------------
Update Information:
libinput 1.19.2 with the usual device-specific quirks
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2021 Peter Hutterer <peter.hutterer(a)redhat.com> - 1.19.2-1
- libinput 1.19.2
--------------------------------------------------------------------------------
================================================================================
notmuch-0.34-1.fc35 (FEDORA-2021-e985962d1c)
System for indexing, searching, and tagging email
--------------------------------------------------------------------------------
Update Information:
rebase with upstream release 0.34
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 20 2021 Michael J Gruber <mjg(a)fedoraproject.org> 0.34-1
- rebase with upstream release 0.34
* Sat Oct 16 2021 Michael J Gruber <mjg(a)fedoraproject.org> 0.34~rc0-1
- rebase with upstream RC
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2014519 - notmuch-0.34 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2014519
--------------------------------------------------------------------------------
================================================================================
perl-Alien-Build-2.44-1.fc35 (FEDORA-2021-46e1a13c17)
Build external dependencies for use in CPAN
--------------------------------------------------------------------------------
Update Information:
This release fixes a coloured output of Alien::Build::Log::Abbreviate.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2021 Petr Pisar <ppisar(a)redhat.com> - 2.44-1
- 2.44 bump
* Thu Sep 30 2021 Petr Pisar <ppisar(a)redhat.com> - 2.42-1
- 2.42 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2016220 - perl-Alien-Build-2.44 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2016220
--------------------------------------------------------------------------------
================================================================================
perl-CBOR-XS-1.84-1.fc35 (FEDORA-2021-e157f497ec)
Concise Binary Object Representation (CBOR)
--------------------------------------------------------------------------------
Update Information:
This release fixes a UTF-8 check for empty strings.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2021 Petr Pisar <ppisar(a)redhat.com> - 1.84-1
- 1.84 bump
- Package the tests
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2016223 - perl-CBOR-XS-1.84 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2016223
--------------------------------------------------------------------------------
================================================================================
perl-CHI-0.61-1.fc35 (FEDORA-2021-c6dfeceb27)
Unified cache handling interface
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2021 Ralf Cors��pius <corsepiu(a)fedoraproject.org> - 0.61-1
- Update to 0.61.
- Drop perl-CHI-0.60-perl-5.22-regex.diff.
- Modernize spec.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2015011 - Upgrade perl-CHI to 0.61
https://bugzilla.redhat.com/show_bug.cgi?id=2015011
--------------------------------------------------------------------------------
================================================================================
perl-Test2-Harness-1.0.74-1.fc35 (FEDORA-2021-fb2aba17af)
Test2 Harness designed for the Test2 event system
--------------------------------------------------------------------------------
Update Information:
This release adds a possibility to aggregate coverage by run and by test.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2021 Petr Pisar <ppisar(a)redhat.com> - 1.0.74-1
- 1.000074 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2016163 - perl-Test2-Harness-1.000074 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2016163
--------------------------------------------------------------------------------
================================================================================
php-clue-block-react-1.5.0-1.fc35 (FEDORA-2021-bf3a58ad0c)
Integrate async React PHP components into your blocking environment
--------------------------------------------------------------------------------
Update Information:
**Version 1.5.0** (2021-10-20) * Feature: Simplify usage by supporting new
[default
loop](https://github.com/reactphp/event-loop#loop). (#60 by @clue)
```php // old (still supported) Clue\React\Block\await($promise, $loop);
Clue\React\Block\awaitAny($promises, $loop);
Clue\React\Block\awaitAll($promises, $loop); // new (using default loop)
Clue\React\Block\await($promise); Clue\React\Block\awaitAny($promises);
Clue\React\Block\awaitAll($promises); ``` * Feature: Added support for
upcoming react/promise v3. (#61 by @davidcole1340 and @SimonFrings) *
Improve error reporting by appending previous message for `Throwable`s. (#57
by @clue) * Deprecate `$timeout` argument for `await*()` functions. (#59
by @clue) ```php // deprecated Clue\React\Block\await($promise,
$loop, $timeout); Clue\React\Block\awaitAny($promises, $loop, $timeout);
Clue\React\Block\awaitAll($promises, $loop, $timeout); // still supported
Clue\React\Block\await($promise, $loop);
Clue\React\Block\awaitAny($promises, $loop);
Clue\React\Block\awaitAll($promises, $loop); ``` * Improve API
documentation. (#58 and #63 by @clue and #55 by @PaulRotmann) * Improve
test suite and use GitHub actions for continuous integration (CI). (#54 by
@SimonFrings)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2021 Remi Collet <remi(a)remirepo.net> - 1.5.0-1
- update to 1.5.0
- raise dependency on react/event-loop 1.2
- allow react/promise 3.0
--------------------------------------------------------------------------------
================================================================================
php-guzzlehttp-promises-1.5.0-1.fc35 (FEDORA-2021-204563f5fa)
Guzzle promises library
--------------------------------------------------------------------------------
Update Information:
**Version 1.5.0** - 2021-10-07 Changed - Call handler when waiting on
fulfilled/rejected Promise Fixed - Fix manually settle promises generated with
Utils::task
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2021 Remi Collet <remi(a)remirepo.net> - 1.5.0-1
- update to 1.5.0
--------------------------------------------------------------------------------
================================================================================
php-guzzlehttp-psr7-1.8.3-1.fc35 (FEDORA-2021-6da90e8e45)
PSR-7 message implementation
--------------------------------------------------------------------------------
Update Information:
**Version 1.8.3** - 2021-10-05 Fixed - Return `null` in caching stream size if
remote size is `null`
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2021 Remi Collet <remi(a)remirepo.net> - 1.8.3-1
- update to 1.8.3
--------------------------------------------------------------------------------
================================================================================
php-react-promise-stream-1.3.0-1.fc35 (FEDORA-2021-2c5fca99d8)
The missing link between Promise-land and Stream-land for ReactPHP
--------------------------------------------------------------------------------
Update Information:
**Version 1.3.0** (2021-10-18) * Feature: Improve error reporting by
appending previous exception messages. (#26 by @clue) For most common
use cases this means that simply reporting the `Exception` message should
give the most relevant details for any issues: ```php
React\Promise\Stream\buffer($stream)->then(function (string $contents) {
// ��� }, function (Exception $e) { echo 'Error:' .
$e->getMessage() .
PHP_EOL; }); ``` * Improve documentation, describe promise and stream
data types. (#27 by @clue and #23 by @WyriHaximus) * Improve test suite
and add `.gitattributes` to exclude dev files from exports. Use GitHub
actions for continuous integration (CI) and run tests on PHPUnit 9 and PHP 8.
(#21 by @reedy and #22, #24 and #25 by @SimonFrings)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2021 Remi Collet <remi(a)remirepo.net> - 1.3.0-1
- update to 1.3.0
- switch to phpunit9
--------------------------------------------------------------------------------
================================================================================
pipewire-0.3.39-1.fc35 (FEDORA-2021-92a35a1dba)
Media Sharing Server
--------------------------------------------------------------------------------
Update Information:
Update version to 0.3.39
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2021 Wim Taymans <wtaymans(a)redhat.com> - 0.3.39-1
- Update version to 0.3.39
* Wed Oct 13 2021 Neal Gompa <ngompa(a)fedoraproject.org> - 0.3.38-2
- Fix libcamera bcond to work properly in RHEL10+ and F36+
--------------------------------------------------------------------------------
================================================================================
python-pystemd-0.10.0-1.fc35 (FEDORA-2021-2b91a49e23)
A thin Cython-based wrapper on top of libsystemd
--------------------------------------------------------------------------------
Update Information:
Update to 0.10.0
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 20 2021 Davide Cavalca <dcavalca(a)fedoraproject.org> - 0.10.0-1
- Update to 0.10.0
--------------------------------------------------------------------------------
================================================================================
python-pytest-postgresql-3.1.2-1.fc35 (FEDORA-2021-7f0490e2c0)
A pytest plugin for PostgreSQL database integration
--------------------------------------------------------------------------------
Update Information:
Update to 3.1.2
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2021 Mikel Olasagasti Uranga <mikel(a)olasagasti.info> - 3.1.2-1
- Update to 3.1.2 #2016263
--------------------------------------------------------------------------------
================================================================================
strongswan-5.9.4-1.fc35 (FEDORA-2021-95fab6a482)
An OpenSource IPsec-based VPN and TNC solution
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2021-41990 and CVE-2021-41991
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 20 2021 Paul Wouters <paul.wouters(a)aiven.io> - 5.9.4-1
- Resolves: rhbz#2015165 strongswan-5.9.4 is available
- Resolves: rhbz#2015611 CVE-2021-41990 strongswan: gmp plugin: integer overflow via a
crafted certificate with an RSASSA-PSS signature
- Resolves: rhbz#2015614 CVE-2021-41991 strongswan: integer overflow when replacing
certificates in cache
- Add BuildRequire for tpm2-tss-devel and weak dependency for tpm2-tools
* Tue Sep 14 2021 Sahana Prasad <sahana(a)redhat.com> - 5.9.3-4
- Rebuilt with OpenSSL 3.0.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2015165 - strongswan-5.9.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2015165
[ 2 ] Bug #2015611 - CVE-2021-41990 strongswan: gmp plugin: integer overflow via a
crafted certificate with an RSASSA-PSS signature [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2015611
[ 3 ] Bug #2015614 - CVE-2021-41991 strongswan: integer overflow when replacing
certificates in cache [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2015614
--------------------------------------------------------------------------------
================================================================================
vdr-2.4.7-5.fc35 (FEDORA-2021-3e9afb1374)
Video Disk Recorder
--------------------------------------------------------------------------------
Update Information:
- Delete missing kernel header files #Source33 because they are available
again in kernel-headers-5.14.0-300 package
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2021 Martin Gansser <martinkg(a)fedoraproject.org> - 2.4.7-5
- Delete missing kernel header files #Source33 because they are
available again in kernel-headers-5.14.0-300 package
--------------------------------------------------------------------------------
================================================================================
wget-1.21.2-2.fc35 (FEDORA-2021-a4a7e596f8)
A utility for retrieving files using the HTTP or FTP protocols
--------------------------------------------------------------------------------
Update Information:
Fix for #2014743 - wget regression SSL_INIT output even with --quiet enabled
---- New version 1.21.1 Fix for bug #2010039
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 20 2021 Michal Ruprich <mruprich(a)redhat.com> - 1.21.2-2
- Fix for #2014743 - wget regression SSL_INIT output even with --quiet enabled
* Fri Oct 15 2021 Michal Ruprich <mruprich(a)redhat.com> - 1.21.2-1
- New version 1.21.2
- Fix for #2010039 - [abrt] wget: find_cell(): wget killed by SIGSEGV
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2010039 - [abrt] wget: find_cell(): wget killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=2010039
[ 2 ] Bug #2014743 - wget regression SSL_INIT output even with --quiet enabled
https://bugzilla.redhat.com/show_bug.cgi?id=2014743
--------------------------------------------------------------------------------
================================================================================
xorg-x11-server-Xwayland-21.1.2.901-1.fc35 (FEDORA-2021-78b54303ff)
Xwayland
--------------------------------------------------------------------------------
Update Information:
xwayland 21.1.2.901 (aka 21.1.3 RC1) - (#2015413)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2021 Olivier Fourdan <ofourdan(a)redhat.com> - 21.1.2.901-1
- xwayland 21.1.2.901 (aka 21.1.3 RC1) - (#2015413)
* Tue Sep 14 2021 Sahana Prasad <sahana(a)redhat.com> - 21.1.2-3
- Rebuilt with OpenSSL 3.0.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2015413 - Please add [Xwayland-21.1] Backport fixes
https://bugzilla.redhat.com/show_bug.cgi?id=2015413
--------------------------------------------------------------------------------