The following Fedora 32 Security updates need testing: Age URL 42 https://bodhi.fedoraproject.org/updates/FEDORA-2020-eb942ee0db libuv-1.39.0-1.fc32 nodejs-12.18.4-1.fc32 5 https://bodhi.fedoraproject.org/updates/FEDORA-2020-495c14a23f fastd-21-1.fc32 3 https://bodhi.fedoraproject.org/updates/FEDORA-2020-9c2f330b5a arpwatch-2.1a15-48.fc32 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-ebabb6bf76 blueman-2.1.4-1.fc32 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-4f9ee82bc5 community-mysql-8.0.22-1.fc32 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-d67cc48dce pngcheck-2.3.0-3.fc32 2 https://bodhi.fedoraproject.org/updates/FEDORA-2020-127d40f1ab chromium-86.0.4240.111-1.fc32 1 https://bodhi.fedoraproject.org/updates/FEDORA-2020-4ee7c84cd7 thunderbird-78.4.0-1.fc32 1 https://bodhi.fedoraproject.org/updates/FEDORA-2020-ded2298c25 xen-4.13.1-8.fc32 1 https://bodhi.fedoraproject.org/updates/FEDORA-2020-58b619cf00 samba-4.12.9-0.fc32 1 https://bodhi.fedoraproject.org/updates/FEDORA-2020-920a258c79 kernel-5.8.17-200.fc32
The following Fedora 32 Critical Path updates have yet to be approved: Age URL 119 https://bodhi.fedoraproject.org/updates/FEDORA-2020-ebbe0f7b25 cpio-2.13-6.fc32 22 https://bodhi.fedoraproject.org/updates/FEDORA-2020-95b9c09df2 binutils-2.34-6.fc32 15 https://bodhi.fedoraproject.org/updates/FEDORA-2020-a27b8aedcd fedora-repos-32-10 12 https://bodhi.fedoraproject.org/updates/FEDORA-2020-da3401a3ce enchant2-2.2.12-1.fc32 mingw-enchant2-2.2.12-1.fc32 9 https://bodhi.fedoraproject.org/updates/FEDORA-2020-f9ada0f4f8 pcre-8.44-2.fc32 7 https://bodhi.fedoraproject.org/updates/FEDORA-2020-b591d7878e linux-firmware-20201022-113.fc32 6 https://bodhi.fedoraproject.org/updates/FEDORA-2020-57f9e6e50e koji-1.23.0-1.fc32 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-62a75b137f webkit2gtk3-2.30.2-1.fc32 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-9a96a4b085 nfs-utils-2.5.2-0.fc32 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-63f76b0bb8 libteam-1.31-2.fc32 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-3233cba37a fwupd-1.5.0-1.fc32 4 https://bodhi.fedoraproject.org/updates/FEDORA-2020-082fed0894 pam-1.3.1-27.fc32 3 https://bodhi.fedoraproject.org/updates/FEDORA-2020-efbdd95dca pcre2-10.35-8.fc32 1 https://bodhi.fedoraproject.org/updates/FEDORA-2020-920a258c79 kernel-5.8.17-200.fc32 1 https://bodhi.fedoraproject.org/updates/FEDORA-2020-4ee7c84cd7 thunderbird-78.4.0-1.fc32 1 https://bodhi.fedoraproject.org/updates/FEDORA-2020-e38f0e9350 mtools-4.0.25-1.fc32
The following builds have been pushed to Fedora 32 updates-testing
barrier-2.3.3-2.fc32 boinc-client-7.16.11-2.fc32 btrfsmaintenance-0.5-1.fc32 dogtag-pki-10.10.0-1.fc32 growlight-1.2.16-1.fc32 icewm-1.9.0-1.fc32 jss-4.8.0-1.fc32 libbluray-1.2.1-2.fc32 liquid-dsp-1.3.2-3.20201010git7ad2496.fc32 mame-0.226-1.fc32 notcurses-2.0.2-1.fc32 pki-core-10.10.0-1.fc32 psi-plus-1.4.1523-1.fc32 python-sphinx-kr-theme-0.2.1-3.fc32 quaternion-0.0.9.4e-5.fc32 retrace-server-1.22.3-1.fc32 tomcatjss-7.6.0-1.fc32 ufdbGuard-1.35.2-1.fc32 usrsctp-1.0.0-0.1.20201017gitf4925bd.fc32 wlsunset-0.1.0-1.fc32 wordpress-5.5.2-1.fc32
Details about builds:
================================================================================ barrier-2.3.3-2.fc32 (FEDORA-2020-ab80467ee9) Use a single keyboard and mouse to control multiple computers -------------------------------------------------------------------------------- Update Information:
Upstream update to 2.3.3 -------------------------------------------------------------------------------- ChangeLog:
* Fri Oct 30 2020 Ding-Yi Chen dchen@redhat.com - 2.3.3-2 - Fix build for Fedora 32 * Fri Oct 30 2020 Ding-Yi Chen dchen@redhat.com - 2.3.3-1 - Upstream update to 2.3.3 - Add BuildRequires: gtest-devel * Sat Aug 1 2020 Fedora Release Engineering releng@fedoraproject.org - 2.3.2-4 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Mon Jul 27 2020 Fedora Release Engineering releng@fedoraproject.org - 2.3.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1863242 - barrier: FTBFS in Fedora rawhide/f33 https://bugzilla.redhat.com/show_bug.cgi?id=1863242 --------------------------------------------------------------------------------
================================================================================ boinc-client-7.16.11-2.fc32 (FEDORA-2020-fde62f492d) The BOINC client -------------------------------------------------------------------------------- Update Information:
7.16.11 release. Added /etc/boinc-client/config.properties ---- 7.16.11 release -------------------------------------------------------------------------------- ChangeLog:
* Fri Oct 30 2020 Germano Massullo germano.massullo@gmail.com - 7.16.11-2 - Added SOURCE4: config.properties * Fri Oct 30 2020 Germano Massullo germano.massullo@gmail.com - 7.16.11-1 - 7.16.11 release - Added 4071.patch Read https://github.com/BOINC/boinc/pull/4071 - * Tue Oct 6 2020 Germano Massullo germano.massullo@gmail.com - 7.16.6-7 - Re-enabled ppc64 architecture on EPEL7. Read https://bugzilla.redhat.com/show_bug.cgi?id=1648290 --------------------------------------------------------------------------------
================================================================================ btrfsmaintenance-0.5-1.fc32 (FEDORA-2020-498df19261) Scripts for btrfs maintenance tasks -------------------------------------------------------------------------------- Update Information:
Initial package -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1892715 - Review Request: btrfsmaintenance - Scripts for btrfs maintenance tasks https://bugzilla.redhat.com/show_bug.cgi?id=1892715 --------------------------------------------------------------------------------
================================================================================ dogtag-pki-10.10.0-1.fc32 (FEDORA-2020-b115578381) Dogtag PKI Package -------------------------------------------------------------------------------- Update Information:
Update to latest stable Dogtag v10.10.0 release -------------------------------------------------------------------------------- ChangeLog:
* Fri Oct 30 2020 Dogtag PKI Team pki-devel@redhat.com - 10.10.0-1 - Rebase to upstream stable v10.10.0-1 release --------------------------------------------------------------------------------
================================================================================ growlight-1.2.16-1.fc32 (FEDORA-2020-ada2556697) Disk manipulation and system setup tool -------------------------------------------------------------------------------- Update Information:
Finally we can rebuild, with notcurses 2.0.1 in fc32. Update from 1.2.8 to 1.2.16. -------------------------------------------------------------------------------- ChangeLog:
* Mon Oct 19 2020 Nick Black dankamongmen@gmail.com - 1.2.16-1 - New upstream release * Thu Oct 15 2020 Nick Black dankamongmen@gmail.com - 1.2.15-1 - New upstream release * Sat Oct 10 2020 Nick Black dankamongmen@gmail.com - 1.2.14-1 - New upstream release * Tue Sep 29 2020 Nick Black dankamongmen@gmail.com - 1.2.13-1 - New upstream release, dep on notcurses 1.7.5+ * Sun Sep 20 2020 Nick Black dankamongmen@gmail.com - 1.2.12-1 - New upstream release, dep on notcurses 1.7.3+ * Wed Sep 2 2020 Nick Black dankamongmen@gmail.com - 1.2.11-1 - New upstream release * Sun Aug 30 2020 Nick Black dankamongmen@gmail.com - 1.2.9-1 - New upstream release --------------------------------------------------------------------------------
================================================================================ icewm-1.9.0-1.fc32 (FEDORA-2020-2a81b9701d) Window manager designed for speed, usability, and consistency -------------------------------------------------------------------------------- Update Information:
Update to 1.9.0 -------------------------------------------------------------------------------- ChangeLog:
* Fri Oct 30 2020 Artem Polishchuk ego.cordatus@gmail.com - 1.9.0-1 - build(update): 1.9.0 --------------------------------------------------------------------------------
================================================================================ jss-4.8.0-1.fc32 (FEDORA-2020-b115578381) Java Security Services (JSS) -------------------------------------------------------------------------------- Update Information:
Update to latest stable Dogtag v10.10.0 release -------------------------------------------------------------------------------- ChangeLog:
* Wed Oct 21 2020 Dogtag PKI Team pki-devel@redhat.com - 4.8.0-1 - Rebase to upstream stable release JSS v4.8.0 --------------------------------------------------------------------------------
================================================================================ libbluray-1.2.1-2.fc32 (FEDORA-2020-4458232d79) Library to access Blu-Ray disks for video playback -------------------------------------------------------------------------------- Update Information:
Fix dependency issue between libbluray-devel and libudfread-devel ---- From upstream changelog: - Add initial support for .fmts files. - Improve missing/broken playlist handling ("Star Trek Beyond 4K"). - Improve UHD metadata support. - Improve BD-J compability. - Improve error resilience and stability. - Fix long delay in "Evangelion, You are (not) alone" menu. - Fix JVM bootstrap issues with some Java 9 versions. - Fix sign extended bytes when reading single bytes in BDJ. - Fix creating organization and disc specific BD-J BUDA directories. - Use external libudfread when available. - Rename list_titles to bd_list_titles and add it to installed programs. -------------------------------------------------------------------------------- ChangeLog:
* Fri Oct 30 2020 Xavier Bachelot xavier@bachelot.org 1.2.1-2 - Disable external libudfread (RHBZ#1892856) * Sat Oct 24 2020 Xavier Bachelot xavier@bachelot.org 1.2.1-1 - Update to 1.2.1 (RHBZ#1891243) - Enable external libudfread - Drop most test utilities * Tue Jul 28 2020 Fedora Release Engineering releng@fedoraproject.org - 1.2.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Sat Jul 11 2020 Jiri Vanek jvanek@redhat.com - 1.2.0-2 - Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11 * Wed May 6 2020 Xavier Bachelot xavier@bachelot.org 1.2.0-1 - Update to 1.2.0 - Use unversioned JDK_HOME -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1891243 - libbluray-1.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1891243 [ 2 ] Bug #1892856 - F34FailsToInstall: libbluray-devel https://bugzilla.redhat.com/show_bug.cgi?id=1892856 --------------------------------------------------------------------------------
================================================================================ liquid-dsp-1.3.2-3.20201010git7ad2496.fc32 (FEDORA-2020-06ad0ad56c) Digital Signal Processing Library for Software-Defined Radios -------------------------------------------------------------------------------- Update Information:
Upstream removed the exit() calls https://github.com/jgaeddert/liquid- dsp/issues/134 -------------------------------------------------------------------------------- ChangeLog:
* Mon Oct 12 2020 Matt Domsch matt@domsch.com 1.3.2-3.20201010git7ad2496 - Upstream removed the exit() calls https://github.com/jgaeddert/liquid-dsp/issues/134 - invoke autoreconf at build time, as upstream doesn't package what we need - Add BR: fftw-devel - Remove BR: gcovr and --enable-coverage. It was keeping the exit call in the library, and we aren't looking at the coverage results anyhow. * Tue Jul 28 2020 Fedora Release Engineering releng@fedoraproject.org - 1.3.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Tue Apr 7 2020 Matt Domsch matt@domsch.com 1.3.2-1 - upstream 1.3.2 - upstream constantly changes the ABI in backwards-incompatible ways without versioning with sonames themselves. Add a fedora_soname. --------------------------------------------------------------------------------
================================================================================ mame-0.226-1.fc32 (FEDORA-2020-a1688426bf) Multiple Arcade Machine Emulator -------------------------------------------------------------------------------- Update Information:
An update to the latest upstream release: * https://www.mamedev.org/?p=488 -------------------------------------------------------------------------------- ChangeLog:
* Thu Oct 29 2020 Julian Sikorski belegdol@fedoraproject.org - 0.226-1 - Update to 0.226 --------------------------------------------------------------------------------
================================================================================ notcurses-2.0.2-1.fc32 (FEDORA-2020-e1220d8c23) Character graphics and TUI library -------------------------------------------------------------------------------- Update Information:
Quadblitter transparency fixes and performance improvements. -------------------------------------------------------------------------------- ChangeLog:
* Sun Oct 25 2020 Nick Black dankamongmen@gmail.com - 2.0.2-1 - New upstream version, ncvisual_decode_loop() --------------------------------------------------------------------------------
================================================================================ pki-core-10.10.0-1.fc32 (FEDORA-2020-b115578381) Dogtag PKI Core Package -------------------------------------------------------------------------------- Update Information:
Update to latest stable Dogtag v10.10.0 release -------------------------------------------------------------------------------- ChangeLog:
* Wed Oct 28 2020 Dogtag PKI Team pki-devel@redhat.com - 10.10.0-1 - Rebase to upstream stable v10.10.0-1 release --------------------------------------------------------------------------------
================================================================================ psi-plus-1.4.1523-1.fc32 (FEDORA-2020-bcb5ace124) Jabber client based on Qt -------------------------------------------------------------------------------- Update Information:
Updated to version 1.4.1523. -------------------------------------------------------------------------------- ChangeLog:
* Fri Oct 30 2020 Vitaly Zaitsev vitaly@easycoding.org - 1:1.4.1523-1 - Updated to version 1.4.1523. --------------------------------------------------------------------------------
================================================================================ python-sphinx-kr-theme-0.2.1-3.fc32 (FEDORA-2020-adbafff166) Kenneth Reitz's krTheme for Sphinx -------------------------------------------------------------------------------- Update Information:
New package -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1892411 - Review Request: python-sphinx-kr-theme - Kenneth Reitz's krTheme for Sphinx https://bugzilla.redhat.com/show_bug.cgi?id=1892411 --------------------------------------------------------------------------------
================================================================================ quaternion-0.0.9.4e-5.fc32 (FEDORA-2020-05030f9ed2) A Qt5-based IM client for Matrix -------------------------------------------------------------------------------- Update Information:
This update fixes a packaging error by explicitly declaring qtquickcontrols in requires. -------------------------------------------------------------------------------- ChangeLog:
* Fri Oct 30 2020 Brendan Early mymindstorm@evermiss.net - 0.0.9.4e-5 - Add explicit requires for qtquickcontrols * Thu Aug 6 2020 Brendan Early mymindstorm@evermiss.net - 0.0.9.4e-4 - Fix build failure * Sat Aug 1 2020 Fedora Release Engineering releng@fedoraproject.org - 0.0.9.4e-3 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Wed Jul 29 2020 Fedora Release Engineering releng@fedoraproject.org - 0.0.9.4e-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ retrace-server-1.22.3-1.fc32 (FEDORA-2020-8a95a0123d) Application for remote coredump analysis -------------------------------------------------------------------------------- Update Information:
New upstream release 1.22.3 - Fix coredump2packages script ---- New upstream release 1.22.2 - Fix path to coredump in generated dockerfile when using Podman backend - Fix "not writable" error when retracing coredumps - Improve log messages ---- New upstream release 1.22.1 ---- New upstream release 1.22.0 -------------------------------------------------------------------------------- ChangeLog:
* Fri Oct 30 2020 Packit Service user-cont-team+packit-service@redhat.com - 1.22.3-1 - new upstream release: 1.22.3 * Fri Oct 23 2020 Packit Service user-cont-team+packit-service@redhat.com - 1.22.2-1 - new upstream release: 1.22.2 * Wed Oct 21 2020 Mat��j Grabovsk�� mgrabovs@redhat.com 1.22.0-1 - Add support for virtual memory files for vmcores - Add option to restart an existing task in retrace-server-task and on task manager page - Disallow users other than 'retrace' to call retrace-server-worker - Improve error message in case of Kerberos authentication failure - Revamp task manager web UI - Revamp GPG verification of package signatures; use keys from distribution-gpg-keys - Accommodate for multiple debug directories in Fedora 27 and later - Fix FTP submissions on task manager page - Fix permissions on dmesg file in task results directory - Migrate build process to Meson; completely drop Autotools - Add Tito configuration - Update translations - Drop python3-six dependency - Add build dependencies on gzip, lsof, tar and xz - Rewrite Dockerfile - Migrate to calling subprocess.run() in place of s.Popen() and s.call() - Use pathlib.Path instead of strings and os.path methods in some places - Add kernel-only config options 'KernelDebuggerPath' and 'RetraceEnvironment=native' - Introduce type annotations - Address issues reported by Pylint - Other minor code refactoring and cleanup operations * Wed Oct 21 2020 Mat��j Grabovsk�� mgrabovs@redhat.com 1.22.0-1 - Add support for virtual memory files for vmcores - Add option to restart an existing task in retrace-server-task and on task manager page - Disallow users other than 'retrace' to call retrace-server-worker - Improve error message in case of Kerberos authentication failure - Revamp task manager web UI - Revamp GPG verification of package signatures; use keys from distribution-gpg-keys - Accommodate for multiple debug directories in Fedora 27 and later - Fix FTP submissions on task manager page - Fix permissions on dmesg file in task results directory - Update translations - Drop python3-six dependency - Add build dependencies on gzip, lsof, tar and xz - Rewrite Dockerfile - Migrate to calling subprocess.run() in place of s.Popen() and s.call() - Use pathlib.Path instead of strings and os.path methods in some places - Add kernel-only config options 'KernelDebuggerPath' and 'RetraceEnvironment=native' - Introduce type annotations - Address issues reported by Pylint - Other minor code refactoring and cleanup operations --------------------------------------------------------------------------------
================================================================================ tomcatjss-7.6.0-1.fc32 (FEDORA-2020-b115578381) JSS Connector for Apache Tomcat -------------------------------------------------------------------------------- Update Information:
Update to latest stable Dogtag v10.10.0 release -------------------------------------------------------------------------------- ChangeLog:
* Wed Oct 28 2020 Dogtag PKI Team pki-devel@redhat.com - 7.6.0-1 - Rebase to match latest upstream version v7.6.0-1 --------------------------------------------------------------------------------
================================================================================ ufdbGuard-1.35.2-1.fc32 (FEDORA-2020-0e8a571264) A URL filter for squid -------------------------------------------------------------------------------- Update Information:
1.35.2 -------------------------------------------------------------------------------- ChangeLog:
* Fri Oct 30 2020 Gwyn Ciesla gwync@protonmail.com = 1.35.2-1 - 1.35.2 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1893326 - ufdbGuard-1.35.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1893326 --------------------------------------------------------------------------------
================================================================================ usrsctp-1.0.0-0.1.20201017gitf4925bd.fc32 (FEDORA-2020-bcb5ace124) Portable SCTP userland stack -------------------------------------------------------------------------------- Update Information:
Updated to version 1.4.1523. -------------------------------------------------------------------------------- ChangeLog:
--------------------------------------------------------------------------------
================================================================================ wlsunset-0.1.0-1.fc32 (FEDORA-2020-f06c053ac7) Day/night gamma adjustments for Sway -------------------------------------------------------------------------------- Update Information:
``` - Initial import (#1891163) ``` -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1891163 - Review Request: wlsunset - Day/night gamma adjustments for Sway https://bugzilla.redhat.com/show_bug.cgi?id=1891163 --------------------------------------------------------------------------------
================================================================================ wordpress-5.5.2-1.fc32 (FEDORA-2020-3bc238618e) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information:
**WordPress 5.5.2 Security and Maintenance Release** **Security Updates** * Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests. * Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network. * Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables. * Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC. * Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE. * Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs. * Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion. * Thanks to Erwan LR from WPScan who responsibly disclosed a method that could lead to CSRF. * And a special thanks to @zieladam who was integral in many of the releases and patches during this release. -------------------------------------------------------------------------------- ChangeLog:
* Fri Oct 30 2020 Remi Collet remi@remirepo.net - 5.5.2-1 - WordPress 5.5.2 Security and Maintenance Release --------------------------------------------------------------------------------