The following Fedora 28 Security updates need testing: Age URL 383 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d510cfd7eb jgraphx-3.6.0.0-6.fc28 333 https://bodhi.fedoraproject.org/updates/FEDORA-2018-d7aeaa74da nodejs-brace-expansion-1.1.11-1.fc28 331 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bc073fdc1a nodejs-atob-2.1.1-1.fc28 207 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc4b7af297 xerces-c27-2.7.0-28.fc28 160 https://bodhi.fedoraproject.org/updates/FEDORA-2018-aa3752ac3c nginx-1.14.1-1.fc28 139 https://bodhi.fedoraproject.org/updates/FEDORA-2018-cc86ef9e22 squid-4.4-1.fc28 66 https://bodhi.fedoraproject.org/updates/FEDORA-2019-86412405d5 bind-9.11.5-4.P4.fc28 53 https://bodhi.fedoraproject.org/updates/FEDORA-2019-63029a7692 libu2f-host-1.1.8-1.fc28 34 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ba19e79e9a thunderbird-60.6.1-1.fc28 31 https://bodhi.fedoraproject.org/updates/FEDORA-2019-0927602e59 chromium-73.0.3683.86-2.fc28 26 https://bodhi.fedoraproject.org/updates/FEDORA-2019-a4ed7400f4 httpd-2.4.39-1.fc28 18 https://bodhi.fedoraproject.org/updates/FEDORA-2019-902786bc1e gradle-4.3.1-9.fc28 17 https://bodhi.fedoraproject.org/updates/FEDORA-2019-d9f867cb65 jetty-9.4.11-3.v20180605.fc28 11 https://bodhi.fedoraproject.org/updates/FEDORA-2019-3193a75b06 poppler-0.62.0-22.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2019-a975e52e95 php-horde-horde-5.2.21-1.fc28 6 https://bodhi.fedoraproject.org/updates/FEDORA-2019-146df522df php-horde-turba-4.2.24-1.fc28 5 https://bodhi.fedoraproject.org/updates/FEDORA-2019-c701e6605a java-1.8.0-openjdk-1.8.0.212.b04-0.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ca4ee3510d java-11-openjdk-11.0.3.7-1.fc28 4 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e71f6f36ac pacemaker-1.1.18-3.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e2d5de3342 libqb-1.0.5-1.fc28
The following Fedora 28 Critical Path updates have yet to be approved: Age URL 139 https://bodhi.fedoraproject.org/updates/FEDORA-2018-9f541b469b nfs-utils-2.3.3-1.rc2.fc28 103 https://bodhi.fedoraproject.org/updates/FEDORA-2019-78153d357c totem-pl-parser-3.26.2-1.fc28 95 https://bodhi.fedoraproject.org/updates/FEDORA-2019-bb30467485 ostree-2019.1-2.fc28 rpm-ostree-2019.1-1.fc28 87 https://bodhi.fedoraproject.org/updates/FEDORA-2019-cb4a3023ef iproute-4.20.0-1.fc28 70 https://bodhi.fedoraproject.org/updates/FEDORA-2019-6c4e362bd0 dhcp-4.3.6-22.fc28 dnsperf-2.2.1-1.fc28 bind-dyndb-ldap-11.1-13.fc28 bind-9.11.5-2.P1.fc28 48 https://bodhi.fedoraproject.org/updates/FEDORA-2019-cb98bf5ace fedfind-4.2.2-1.fc28 python-productmd-1.20-1.fc28 40 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e60ecc03b4 python-productmd-1.21-1.fc28 34 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ba19e79e9a thunderbird-60.6.1-1.fc28 33 https://bodhi.fedoraproject.org/updates/FEDORA-2019-a0ae4e93b9 sssd-1.16.4-2.fc28 25 https://bodhi.fedoraproject.org/updates/FEDORA-2019-ba19af6a58 libldb-1.4.0-5.fc28.1.3.8 samba-4.8.10-0.fc28 11 https://bodhi.fedoraproject.org/updates/FEDORA-2019-7e1c3c9d19 python-mako-1.0.9-1.fc28 11 https://bodhi.fedoraproject.org/updates/FEDORA-2019-3193a75b06 poppler-0.62.0-22.fc28 11 https://bodhi.fedoraproject.org/updates/FEDORA-2019-9308674cab pcre2-10.33-1.fc28 11 https://bodhi.fedoraproject.org/updates/FEDORA-2019-b042a87a74 libiptcdata-1.0.5-1.fc28 11 https://bodhi.fedoraproject.org/updates/FEDORA-2019-bc14eac80e libblockdev-2.18-2.fc28 7 https://bodhi.fedoraproject.org/updates/FEDORA-2019-dddd3b8418 ceph-12.2.12-1.fc28 5 https://bodhi.fedoraproject.org/updates/FEDORA-2019-9244c8b209 pungi-4.1.36-1.fc28 2 https://bodhi.fedoraproject.org/updates/FEDORA-2019-e2d5de3342 libqb-1.0.5-1.fc28 1 https://bodhi.fedoraproject.org/updates/FEDORA-2019-b3ab59df83 ethtool-5.0-1.fc28
The following builds have been pushed to Fedora 28 updates-testing
OpenColorIO-1.1.1-1.fc28 R-repr-1.0.0-1.fc28 alex-3.2.3-3.fc28 bacula-9.4.2-1.fc28 drupal8-8.6.15-1.fc28 duplicity-0.7.19-1.fc28 fedpkg-1.37-1.fc28 gnome-shell-extension-system-monitor-applet-38-1.fc28 golang-github-facebookarchive-inject-0-0.3.20190326gitf23751c.fc28 golang-github-facebookarchive-structtag-0-0.3.20190327git217e25f.fc28 kernel-5.0.10-100.fc28 mingw-uriparser-0.9.3-1.fc28 perl-FFI-CheckLib-0.24-1.fc28 phan-1.3.2-1.fc28 python-dask-1.2.1-1.fc28 python-gnupg-0.4.4-1.fc28 python-metakernel-0.21.0-1.fc28 python-mne-bids-0.2-1.fc28 rpkg-1.58-1.fc28 ruby-2.5.5-108.fc28 uriparser-0.9.3-1.fc28 xtl-0.6.4-1.fc28 zstd-1.4.0-1.fc28
Details about builds:
================================================================================ OpenColorIO-1.1.1-1.fc28 (FEDORA-2019-103f13a4aa) Enables color transforms and image display across graphics apps -------------------------------------------------------------------------------- Update Information:
* Added optional compatibility for building apps with OpenImageIO 1.9+ * Added USE_SSE checks to fix Linux build failure getDisplays() result ordering now matches the active_displays config definition or OCIO_ACTIVE_DISPLAYS env var override. * Fixed incorrect getDefaultDisplay()/getDefaultView() result when OCIO_ACTIVE_DISPLAYS or OCIO_ACTIVE_VIEWS env vars are unset. * Fixed Windows- specific GetEnv() bug * Fixed Windows and MacOS CI failure cases -------------------------------------------------------------------------------- ChangeLog:
* Wed Apr 3 2019 Richard Shaw hobbes1069@gmail.com - 1.1.1-1 - Update to 1.1.1. - Removing python glue module as python 3 is not currently supported. * Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 1.1.0-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Thu Dec 13 2018 Richard Shaw hobbes1069@gmail.com - 1.1.0-10 - Add patch for OIIO 2.0 and mesa glext.h header changes. * Mon Sep 24 2018 Richard Shaw hobbes1069@gmail.com - 1.1.0-9 - Obsolete Python2 library and build Python3 library. * Thu Aug 23 2018 Nicolas Chauvet kwizart@gmail.com - 1.1.0-8 - Rebuilt for glew 2.1.0 * Thu Jul 12 2018 Fedora Release Engineering releng@fedoraproject.org - 1.1.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1695529 - OpenColorIO-1.1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1695529 --------------------------------------------------------------------------------
================================================================================ R-repr-1.0.0-1.fc28 (FEDORA-2019-ddc361bfe3) Serializable Representations -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 29 2019 Elliott Sales de Andrade quantum.analyst@gmail.com - 1.0.0-1 - Update to latest version -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1704465 - R-repr-1.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1704465 --------------------------------------------------------------------------------
================================================================================ alex-3.2.3-3.fc28 (FEDORA-2019-bd38b1b228) Tool for generating lexical analysers in Haskell -------------------------------------------------------------------------------- Update Information:
Rebuild for static linking -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 12 2018 Fedora Release Engineering releng@fedoraproject.org - 3.2.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ bacula-9.4.2-1.fc28 (FEDORA-2019-b4e7243937) Cross platform network backup for Linux, Unix, Mac and Windows -------------------------------------------------------------------------------- Update Information:
Update to 9.4.2. -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 18 2019 Simone Caronni negativo17@gmail.com - 9.4.2-1 - Update to 9.4.2. * Sun Feb 17 2019 Igor Gnatenko ignatenkobrain@fedoraproject.org - 9.4.1-6 - Rebuild for readline 8.0 * Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 9.4.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Mon Jan 14 2019 Bj��rn Esser besser82@fedoraproject.org - 9.4.1-4 - Rebuilt for libcrypt.so.2 (#1666033) * Sun Jan 13 2019 Simone Caronni negativo17@gmail.com - 9.4.1-3 - Build QT programs with QT 5 on RHEL/CentOS 7. Also, reduce the number of required QT packages for building. * Sun Jan 13 2019 Simone Caronni negativo17@gmail.com - 9.4.1-2 - Add Debian patch to enable/disable S3 support at configure time. - Disable S3 as it does not currently build: http://bugs.bacula.org/view.php?id=2446 - Update RPM macros. * Sat Jan 12 2019 Simone Caronni negativo17@gmail.com - 9.4.1-1 - Update to 9.4.1. * Sat Jan 12 2019 Simone Caronni negativo17@gmail.com - 9.4.0-1 - Update to 9.4.0. * Sat Jan 12 2019 Simone Caronni negativo17@gmail.com - 9.2.1-2 - Make the build succeed also on supported RHEL and Fedora releases. - Remove Fedora 27 references. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1662279 - bregex, bwild: -l option documented but not working https://bugzilla.redhat.com/show_bug.cgi?id=1662279 --------------------------------------------------------------------------------
================================================================================ drupal8-8.6.15-1.fc28 (FEDORA-2019-1a3edd7e8a) An open source content management platform -------------------------------------------------------------------------------- Update Information:
* https://www.drupal.org/project/drupal/releases/8.6.15 * https://www.drupal.org/SA-CORE-2019-005 (CVE-2019-10909 / CVE-2019-10910 / CVE-2019-10911) * https://www.drupal.org/SA-CORE-2019-006 (CVE-2019-11358) * https://www.drupal.org/project/drupal/releases/8.6.14 -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 29 2019 Shawn Iwinski shawn@iwin.ski - 8.6.15-1 - Update to 8.6.15 (RHBZ #1697173) - https://www.drupal.org/SA-CORE-2019-005 (CVE-2019-10909 / CVE-2019-10910 / CVE-2019-10911) - https://www.drupal.org/SA-CORE-2019-006 (CVE-2019-11358) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1697173 - drupal8-8.6.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1697173 --------------------------------------------------------------------------------
================================================================================ duplicity-0.7.19-1.fc28 (FEDORA-2019-115a44077d) Encrypted bandwidth-efficient backup using rsync algorithm -------------------------------------------------------------------------------- Update Information:
https://launchpad.net/duplicity/+announcement/15256 -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 29 2019 Gwyn Ciesla gwync@protonmail.com - 0.7.19-1 - 0.7.19 * Thu Jan 31 2019 Fedora Release Engineering releng@fedoraproject.org - 0.7.18.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1704418 - duplicity-0.7.19 is available https://bugzilla.redhat.com/show_bug.cgi?id=1704418 --------------------------------------------------------------------------------
================================================================================ fedpkg-1.37-1.fc28 (FEDORA-2019-e4359dc92a) Fedora utility for working with dist-git -------------------------------------------------------------------------------- Update Information:
Release of rpkg+fedpkg contains enhancements and fixes as well. Described are mostly more significant enhancements and fixes. rpkg ==== Improvements for scratch module builds ------ * Allow ``module-build-watch`` to exit when a scratch build completes. * Add scratch status to ``module-build-info`` output. * Add scratch module build sub-commands and updates for handling custom modulemd file and SRPMs. * Add tests for scratch module builds and adjust existing tests for new ``scratch`` option. * Allow custom SRPMs with local module builds for consistency with module scratch builds. Allow passing arguments to "mbs-manager build_module_locally". ----- It is now possible to build modules offline without any external infrastructure using the MBS. This is done by passing ``--offline`` and ``-r``/``--repository`` flags to mbs-manager and the list of repositories for the base module. Remove the ability to parse a module's branch ----- Remove the ability to parse a module's branch automatically to determine the base module stream override. This functionality was moved to MBS directly instead of having rpkg do it: [PR#1176](https://pagure.io/fm-orchestrator/pull- request/1176) Permit setting arbitrary rpm macros during build ----- Added argument ``--define`` to pass custom macros to ``rpmbuild``. May be specified multiple times. Applicable to commands: ``compile``, ``install``, ``local``, ``prep``, ``srpm``, ``verify-files``. Ignore files in a cloned repository ----- Git will ignore automatically generated files. Ignored patterns can be specified in ``rhpkg``/``fedpkg`` config. Patterns are applied in ``.git/info/exclude`` file only when repository is cloned. And changes are valid only for local repository. Pass specific arguments to "mock" ----- In ``mockbuild``: * Pass ``--enable-network`` to "mock" command. * Pass ``--disablerepo`` and ``--enablerepo`` to "mock" command. Both arguments can be used multiple times. Added "depth" argument to "git clone" ----- Added ``--depth`` argument for ``git clone`` command. It creates a shallow clone with a history truncated to the specified number of commits. Cloning mostly applies with single branch (with argument ``--branch``). Watch multiple module builds ----- Code is written to be able to watch multiple module builds just after submitting a module build. Command ``module-build-watch`` also accepts command line arguments (multiple ``build_id``) to watch specified builds. Show module build links in output from command module-build ----- If not watch module build, show build links in order to be easy to link to module build in Web browser. Add the ability to configure multiple regex expressions ----- Add the ability to configure multiple regex expressions for ``base_module_stream_regex_from_branch``. Add "retire" command supporting both packages and modules ----- There was previously a ``retire`` command in ``fedpkg`` supporting only packages. This brings the ``retire`` command into ``rpkg`` with added support for a module-specific ``dead.module`` marker file. Import srpm without uploading sources ----- Add new argument ``--offline`` for command ``import``. Files won't be uploaded to lookaside cache. Ignore any specified profile when finding the Flatpak build target ----- The source module for a Flatpak build can be specified as something like ``flatpak-runtime:28/sdk`` to indicate that the Flatpak is built from the "sdk" profile of the flatpak-runtime module. This should be ignored when looking up module builds to find the platform stream and build target. Added update-docs script ----- Script (``doc/update-docs.sh``) that updates html documentation git repository on ``Pagure``. And unify it with ``fedpkg`` version of the script. fedpkg ===== This release requires ``rpkg >= 1.58``. Ignore files in a cloned repository ----- Git will ignore automatically generated files. Ignored patterns can be specified in config. Initial patterns were added. Patterns are applied in ``.git/info/exclude`` file only when repository is cloned. And changes are valid only for local repository. Enable shell completion for module scratch builds ----- * Add custom SRPM shell completion with local module builds. * Add missing shell completion options for local module builds. * Require SRPMs to be specified individually using multiple ``--srpm SRPM`` options. * Enable completion of modulemd file path by yaml extension. Show hint when Pagure token expires ----- When Pagure token is expired, hint is added in commands ``fedpkg request-repo`` and ``fedpkg request- branch`` to keep user informed how to renew the token. Include possible distprefix in "--define dist" for Forge-based packages ----- In forge based packages, and most notably all Golang packages, dist tag are computed by a lua script in order to generate a snapshot date and shortcommit. This patch passes the computed ``%{?distprefix}`` in ``dist`` to take into account the specificity of Forge based packages. Other small fixes ----- * Make ``fedpkg update`` output a report after success. * Fix fedpkg update --bugs detection. * The ``retire`` command is now included in rpkg, supporting both packages and modules. -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 29 2019 Ondrej Nosek onosek@redhat.com - 1.37-1 - Ignore files in a cloned repository - patterns (onosek) - Create env without --system-site-packages enabled to run flake8 (cqi) - Include possible distprefix in --define dist for Forge-based packages (zebob.m) - Revise shell completion for module scratch builds to require SRPMs to be specified individually using multiple '--srpm SRPM' options, and enable completion of modulemd file path by yaml extension. (mmathesi) - Enable shell completion for module scratch builds. Add custom SRPM shell completion with local module builds. Add missing shell completion options for local module builds. (mmathesi) - Make fedpkg update output a report after success - #315 (zebob.m) - Retire 'retire' command from 'fedpkg' (mmathesi) - More specific expression for bug search (onosek) - Fix fedpkg update --bugs detection (zebob.m) - README: add links and format change (onosek) - Show hint when Pagure token expires - #285 (onosek) --------------------------------------------------------------------------------
================================================================================ gnome-shell-extension-system-monitor-applet-38-1.fc28 (FEDORA-2019-16be45046d) A Gnome shell system monitor extension -------------------------------------------------------------------------------- Update Information:
New upstream release (Fedora patches applied - RHBZ#1703693) ---- Updated to last upstream commits -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 29 2019 Nicolas Vi��ville nicolas.vieville@uphf.fr - 1:38-1 - New upstream release (Fedora patches applied - RHBZ#1703693) - Dropped previous Fedora patches * Sat Apr 27 2019 Nicolas Vi��ville nicolas.vieville@uphf.fr - 1:36-5.20190427gitc08bfd7 - Updated to last upstream commits - Reworked Makefile - Support for gnome-shell 3.32 added - Added patches to support Fedora RPM package build -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1703693 - gnome-shell-extension-system-monitor-applet doesn't work with gnome 3.32 but it is in the Fedora 30 repo https://bugzilla.redhat.com/show_bug.cgi?id=1703693 --------------------------------------------------------------------------------
================================================================================ golang-github-facebookarchive-inject-0-0.3.20190326gitf23751c.fc28 (FEDORA-2019-5aca9795b0) Package inject provides a reflect based injector -------------------------------------------------------------------------------- Update Information:
bump to rebuild the subpackage for the non-archived import path ---- First package for Fedora -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1691615 - Review Request: golang-github-facebookarchive-inject - provides a reflect based injector https://bugzilla.redhat.com/show_bug.cgi?id=1691615 --------------------------------------------------------------------------------
================================================================================ golang-github-facebookarchive-structtag-0-0.3.20190327git217e25f.fc28 (FEDORA-2019-ce06a50d01) Package providing parsing of the defacto struct tag style -------------------------------------------------------------------------------- Update Information:
bump to rebuild the subpackage for the non-archived import path ---- First package for Fedora -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1691117 - Review Request: golang-github-facebookarchive-structtag - parsing of the defacto struct tag style https://bugzilla.redhat.com/show_bug.cgi?id=1691117 --------------------------------------------------------------------------------
================================================================================ kernel-5.0.10-100.fc28 (FEDORA-2019-86e0db6dbb) The Linux kernel -------------------------------------------------------------------------------- Update Information:
The 5.0.10 update contains a number of important fixes across the tree. Note there were no changes to the headers or tools packages so there are no builds for them -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 29 2019 Laura Abbott labbott@redhat.com - 5.0.10-100 - Linux v5.0.10 * Thu Apr 25 2019 Justin M. Forbes jforbes@fedoraproject.org - Fix CVE-2019-3900 (rhbz 1698757 1702940) * Tue Apr 23 2019 Jeremy Cline jcline@redhat.com - Allow modules signed by keys in the platform keyring (rbhz 1701096) * Tue Apr 23 2019 Justin M. Forbes jforbes@fedoraproject.org - Fix CVE-2019-9503 rhbz 1701842 1701843 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1701842 - CVE-2019-9503 kernel: brcmfmac frame validation bypass https://bugzilla.redhat.com/show_bug.cgi?id=1701842 [ 2 ] Bug #1698757 - CVE-2019-3900 Kernel: vhost_net: infinite loop while receiving packets leads to DoS https://bugzilla.redhat.com/show_bug.cgi?id=1698757 --------------------------------------------------------------------------------
================================================================================ mingw-uriparser-0.9.3-1.fc28 (FEDORA-2019-0153d664b2) MinGW Windows uriparser library -------------------------------------------------------------------------------- Update Information:
Update to uriparser-0.9.3, see https://github.com/uriparser/uriparser/blob/uriparser-0.9.3/ChangeLog for details. ---- Update to uriparser-0.8.2, see https://github.com/uriparser/uriparser/blob/uriparser-0.9.2/ChangeLog for details. -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 29 2019 Sandro Mani manisandro@gmail.com - 0.9.3-1 - Update to 0.9.3 * Tue Apr 23 2019 Sandro Mani manisandro@gmail.com - 0.9.2-1 - Update to 0.9.2 * Fri Feb 1 2019 Fedora Release Engineering releng@fedoraproject.org - 0.9.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ perl-FFI-CheckLib-0.24-1.fc28 (FEDORA-2019-c40c1ca322) Check that a library is available for FFI -------------------------------------------------------------------------------- Update Information:
This release adds support for linker scripts when discovering installed libraries. -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 29 2019 Petr Pisar ppisar@redhat.com - 0.24-1 - 0.24 bump -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1703675 - perl-FFI-CheckLib-0.24 is available https://bugzilla.redhat.com/show_bug.cgi?id=1703675 --------------------------------------------------------------------------------
================================================================================ phan-1.3.2-1.fc28 (FEDORA-2019-33d575ddfd) A static analyzer for PHP -------------------------------------------------------------------------------- Update Information:
8 Apr 2019, **Phan 1.3.2** **New features (CLI, Configs):** + Add `--debug`/`-D` flag to generate verbose debug output. This is useful when looking into poor performance or unexpected behavior (e.g. infinite loops or crashes). + Suggest similarly named plugins if `--plugin SomePluginName` refers to a built-in plugin that doesn't exist. + Add `assume_no_external_class_overrides` - When enabled, Phan will more aggressively assume class elements aren't overridden. - e.g. infer that non-final methods without return statements have type `void`. Disabled by default. **New features **(Analysis):** + Support locally tracking assignments to and conditionals on `$this->prop` inside of function scopes. (#805, #204) This supports only one level of nesting. (i.e. Phan will not track `$this->prop->subProp` or `$this->prop['field']`) Properties are deliberately tracked for just the variable `$this` (which can't be reassigned), and not other variables. + Fix false positives with dead code detection for internal stubs in `autoload_internal_extension_signatures`. (#2605) + Add a way to escape/unescape array shape keys (newlines, binary data, etc) (#1664) e.g. `@return array{\n\r\t\x01\:true}` in phpdoc would correspond to `return ["\n\r\t\x01\" => true];` **Plugins:** + Add `FFIAnalysisPlugin` to avoid false positives in uses of PHP 7.4's `FFI\CData` (#2659) (C data of scalar types may be read and assigned as regular PHP data. `$x = FFI::new(���int���); $x = 42;`) Note that this is only implemented for variables right now. ---- 20 Apr 2019, **Phan 1.3.1** **New features(Analysis):** + Fix false positive `PhanTypeMismatchReturnNullable` and `PhanTypeMismatchArgumentNullable` introduced in 1.3.0 (#2667) + Emit `PhanPossiblyNullTypeMismatchProperty` instead of `PhanTypeMismatchProperty` when assigning `?T` to a property expecting a compatible but non-nullable type. (The same issue was already emitted when the internal union type representation was `T|null` (not `?T`) and strict property type checking was enabled) **Plugins:** + Add `PossiblyStaticMethodPlugin` to detect instance methods that can be changed to static methods (#2609) + Fix edge cases checking if left/right-hand side of binary operations are numbers in `NumericalComparisonPlugin` ---- 19 Apr 2019, Phan **1.3.0** **New features(Analysis):** + Fix false positive `UnusedSuppression` when a doc comment suppresses an issue about itself. (#2571) + Improve analysis of argument unpacking with reference parameters, fix false positive `PhanTypeNonVarPassByRef` (#2646) + In issue descriptions and suggestions, replace invalid utf-8 (and literal newlines) with placeholders (#2645) + Suggest typo fixes in `PhanMisspelledAnnotation` for `@phan-*` annotations. (#2640) + Emit `PhanUnreferencedClass` when the only references to a class or its elements are within that class. Previously, it would fail to be emitted when a class referenced itself. + Emit `PhanUnusedPublicNoOverrideMethodParameter` for method parameters that are not overridden and are not overrides. (#2539) This is expected to have a lower false positive rate than `PhanUnusedPublicMethodParameter` because parameters might be unused by some of the classes overriding/implementing a method. Setting `unused_variable_detection_assume_override_exists` to true in `.phan/config.php` can be used to continue emitting the old issue names instead of `*NoOverride*` equivalents. + Warn about more numeric operations(+, /, etc) on unknown strings and non-numeric literal strings (#2656) The settings `scalar_implicit_cast` and `scalar_implicit_partial` affect this for the `string` union type but not for literals. + Improve types inferred from checks such as `if (is_array($var['field'])) { use($var['field']); }` and `if ($var['field'] instanceof stdClass) {...}` (#2601) + Infer that $varName is non- null and an object for conditions such as `if (isset($varName->field['prop']))` + Be more consistent about warning when passing `?SomeClass` to a parameter expecting non-null `SomeClass`. + Add `PhanTypeMismatchArgumentNullable*` and `PhanTypeMismatchReturnNullable` when the main reason the type check failed was nullability Previously, Phan would fail to detect that some nullable class instances were incompatible with the non-null expected types in some cases. + Improve analysis of negation of `instanceof` checks on nullable types. (#2663) **Language Server/Daemon mode:** + Analyze new but unsaved files, if they would be analyzed by Phan once they actually were saved to disk. **Plugins:** + Warn about assignments where the left and right hand side are the same expression in `DuplicateExpressionPlugin` (#2641) New issue type: `PhanPluginDuplicateExpressionAssignment` **Deprecations:** + Print a message to stderr if the installed php-ast version is older than 1.0.1. A future major Phan version of Phan will probably depend on AST version 70 to support new syntax found in PHP 7.4. + Print a message to stderr if the installed PHP version is 7.0. A future major version of Phan will require PHP 7.1+ to run. Phan will still continue to support setting `target_php_version` to `'7.0'` and `--target-php-version 7.0` in that release. **Bug fixes:** + Fix edge cases in how Phan checks if files are in `exclude_analysis_directory_list` (#2651) + Fix crash parsing comma in string literal in array shape (#2597) (e.g. `@param array{0:'test,other'} $x`) -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 29 2019 Remi Collet remi@remirepo.net - 1.3.2-1 - update to 1.3.2 * Tue Apr 23 2019 Remi Collet remi@remirepo.net - 1.3.1-1 - update to 1.3.1 --------------------------------------------------------------------------------
================================================================================ python-dask-1.2.1-1.fc28 (FEDORA-2019-3ea6624ec3) Parallel PyData with Task Scheduling -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1704332 - python-dask-1.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1704332 --------------------------------------------------------------------------------
================================================================================ python-gnupg-0.4.4-1.fc28 (FEDORA-2019-9dfd44e1e9) A wrapper for the Gnu Privacy Guard (GPG or GnuPG) -------------------------------------------------------------------------------- Update Information:
Resolves rhbz#1670364 Fixes CVE-2019-6690 -------------------------------------------------------------------------------- ChangeLog:
* Fri Apr 26 2019 Paul Wouters pwouters@redhat.com - 0.4.4-1 - Resolves rhbz#1670364 Fixes CVE-2019-6690 * Sat Feb 2 2019 Fedora Release Engineering releng@fedoraproject.org - 0.4.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1670364 - CVE-2019-6690 python-gnupg: improper input validation in gnupg.GPG.encrypt() and gnupg.GPG.decrypt() https://bugzilla.redhat.com/show_bug.cgi?id=1670364 --------------------------------------------------------------------------------
================================================================================ python-metakernel-0.21.0-1.fc28 (FEDORA-2019-719562d0af) Metakernel for Jupyter -------------------------------------------------------------------------------- Update Information:
Release 0.21.0 -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 29 2019 Mattias Ellert mattias.ellert@physics.uu.se - 0.21.0-1 - Update to version 0.21.0 - Drop patch python-metakernel-adjustment-for-newer-jedi.patch (backported) - Drop patch python-metakernel-python-exec.patch (accepted upstream) * Sat Feb 2 2019 Fedora Release Engineering releng@fedoraproject.org - 0.20.14-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Fri Nov 16 2018 Mattias Ellert mattias.ellert@physics.uu.se - 0.20.14-9 - Adapt to Python 3 only ipcluster in Fedora >= 30 * Tue Nov 13 2018 Mattias Ellert mattias.ellert@physics.uu.se - 0.20.14-8 - Don't build Python 2 packages for Fedora >= 30 * Mon Jul 16 2018 Mattias Ellert mattias.ellert@physics.uu.se - 0.20.14-7 - Don't rely on 'python' in path during testing * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 0.20.14-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1703810 - python-metakernel-0.21.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1703810 --------------------------------------------------------------------------------
================================================================================ python-mne-bids-0.2-1.fc28 (FEDORA-2019-98c76b8436) Experimental code for BIDS using MNE -------------------------------------------------------------------------------- Update Information:
New upstream version -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 29 2019 Luis Bazan lbazan@fedoraproject.org - 0.2-1 - New upstream version -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1703491 - python-mne-bids-0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1703491 --------------------------------------------------------------------------------
================================================================================ rpkg-1.58-1.fc28 (FEDORA-2019-e4359dc92a) Python library for interacting with rpm+git -------------------------------------------------------------------------------- Update Information:
Release of rpkg+fedpkg contains enhancements and fixes as well. Described are mostly more significant enhancements and fixes. rpkg ==== Improvements for scratch module builds ------ * Allow ``module-build-watch`` to exit when a scratch build completes. * Add scratch status to ``module-build-info`` output. * Add scratch module build sub-commands and updates for handling custom modulemd file and SRPMs. * Add tests for scratch module builds and adjust existing tests for new ``scratch`` option. * Allow custom SRPMs with local module builds for consistency with module scratch builds. Allow passing arguments to "mbs-manager build_module_locally". ----- It is now possible to build modules offline without any external infrastructure using the MBS. This is done by passing ``--offline`` and ``-r``/``--repository`` flags to mbs-manager and the list of repositories for the base module. Remove the ability to parse a module's branch ----- Remove the ability to parse a module's branch automatically to determine the base module stream override. This functionality was moved to MBS directly instead of having rpkg do it: [PR#1176](https://pagure.io/fm-orchestrator/pull- request/1176) Permit setting arbitrary rpm macros during build ----- Added argument ``--define`` to pass custom macros to ``rpmbuild``. May be specified multiple times. Applicable to commands: ``compile``, ``install``, ``local``, ``prep``, ``srpm``, ``verify-files``. Ignore files in a cloned repository ----- Git will ignore automatically generated files. Ignored patterns can be specified in ``rhpkg``/``fedpkg`` config. Patterns are applied in ``.git/info/exclude`` file only when repository is cloned. And changes are valid only for local repository. Pass specific arguments to "mock" ----- In ``mockbuild``: * Pass ``--enable-network`` to "mock" command. * Pass ``--disablerepo`` and ``--enablerepo`` to "mock" command. Both arguments can be used multiple times. Added "depth" argument to "git clone" ----- Added ``--depth`` argument for ``git clone`` command. It creates a shallow clone with a history truncated to the specified number of commits. Cloning mostly applies with single branch (with argument ``--branch``). Watch multiple module builds ----- Code is written to be able to watch multiple module builds just after submitting a module build. Command ``module-build-watch`` also accepts command line arguments (multiple ``build_id``) to watch specified builds. Show module build links in output from command module-build ----- If not watch module build, show build links in order to be easy to link to module build in Web browser. Add the ability to configure multiple regex expressions ----- Add the ability to configure multiple regex expressions for ``base_module_stream_regex_from_branch``. Add "retire" command supporting both packages and modules ----- There was previously a ``retire`` command in ``fedpkg`` supporting only packages. This brings the ``retire`` command into ``rpkg`` with added support for a module-specific ``dead.module`` marker file. Import srpm without uploading sources ----- Add new argument ``--offline`` for command ``import``. Files won't be uploaded to lookaside cache. Ignore any specified profile when finding the Flatpak build target ----- The source module for a Flatpak build can be specified as something like ``flatpak-runtime:28/sdk`` to indicate that the Flatpak is built from the "sdk" profile of the flatpak-runtime module. This should be ignored when looking up module builds to find the platform stream and build target. Added update-docs script ----- Script (``doc/update-docs.sh``) that updates html documentation git repository on ``Pagure``. And unify it with ``fedpkg`` version of the script. fedpkg ===== This release requires ``rpkg >= 1.58``. Ignore files in a cloned repository ----- Git will ignore automatically generated files. Ignored patterns can be specified in config. Initial patterns were added. Patterns are applied in ``.git/info/exclude`` file only when repository is cloned. And changes are valid only for local repository. Enable shell completion for module scratch builds ----- * Add custom SRPM shell completion with local module builds. * Add missing shell completion options for local module builds. * Require SRPMs to be specified individually using multiple ``--srpm SRPM`` options. * Enable completion of modulemd file path by yaml extension. Show hint when Pagure token expires ----- When Pagure token is expired, hint is added in commands ``fedpkg request-repo`` and ``fedpkg request- branch`` to keep user informed how to renew the token. Include possible distprefix in "--define dist" for Forge-based packages ----- In forge based packages, and most notably all Golang packages, dist tag are computed by a lua script in order to generate a snapshot date and shortcommit. This patch passes the computed ``%{?distprefix}`` in ``dist`` to take into account the specificity of Forge based packages. Other small fixes ----- * Make ``fedpkg update`` output a report after success. * Fix fedpkg update --bugs detection. * The ``retire`` command is now included in rpkg, supporting both packages and modules. -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 29 2019 Ond��ej Nosek onosek@redhat.com - 1.58-1 - Ignore files in a cloned repository - #355 (onosek) - Handle data from python RPM binding as UTF-8 string (zebob.m) - srpm_import: be compatible with rhbz#1693751 (praiskup) - Pass --enable-network to mock - 314 (onosek) - Enhance 'module-overview' sub-command to show scratch status of modules. (mmathesi) - Remove the ability to parse a module's branch automatically to determine the base module stream override (mprahl) - Improvements for scratch module builds (mmathesi) - Updates to support scratch module builds (mmathesi) - Refactor fake Koji credential handling from TestBuildPackage class into new FakeKojiCreds class so it can be shared with TestModulesCli class. (mmathesi) - Make Koji upload methods more generic so they can be reused. (mmathesi) - Allow passing --offline and -r to mbs-manager build_module_locally. (jkaluza) - Depth param for clone - tuning (onosek) - Depth param for clone - #363 (onosek) - Pass --disablerepo and --enablerepo to mock - 313 (onosek) - Import srpm without uploading sources - rhbz#1175262 (onosek) - Ignore any specified profile when finding the Flatpak build target (otaylor) - Show module build links in output from command module-build (cqi) - Add 'retire' command supporting both packages and modules (mmathesi) - Fix "push --force" (tim) - Container-build returns its status to command-line - #415 (onosek) - Upload .crate files to lookaside cache - 312 (onosek) - Restrict version of PyYAML on Python 2.6 (lsedlar) - Simplify srpm method (onosek) - Permit setting arbitrary rpm macros during build (riehecky) - Add the ability to configure multiple regex expressions for base_module_stream_regex_from_branch (mprahl) - Do not require PyGObject in setup.py - rhbz#1679365 (onosek) - Fixing failing Jenkins tests (onosek) - Unify update-docs script with fedpkg version (onosek) - README: add links (onosek) - Watch multiple module builds (cqi) - Added update-docs script (onosek) * Thu Apr 25 2019 Ond��ej Nosek onosek@redhat.com - 1.57-9 - yet another compat fix with RPM after rhbz#1693751 * Fri Apr 19 2019 Pavel Raiskup praiskup@redhat.com - 1.57-8 - compat fix with RPM after rhbz#1693751 * Wed Mar 20 2019 Igor Gnatenko ignatenkobrain@fedoraproject.org - 1.57-7 - Backport patch for uploading *.crate into lookaside --------------------------------------------------------------------------------
================================================================================ ruby-2.5.5-108.fc28 (FEDORA-2019-feac6674b7) An interpreter of object-oriented scripting language -------------------------------------------------------------------------------- Update Information:
Rebase to latest minor version fixes CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 4 2019 Pavel Valena pvalena@redhat.com - 2.5.5-108 - Update to Ruby 2.5.5. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1692530 - CVE-2019-8320 CVE-2019-8321 CVE-2019-8322 CVE-2019-8323 CVE-2019-8324 CVE-2019-8325 rubygems: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1692530 --------------------------------------------------------------------------------
================================================================================ uriparser-0.9.3-1.fc28 (FEDORA-2019-0153d664b2) URI parsing library - RFC 3986 -------------------------------------------------------------------------------- Update Information:
Update to uriparser-0.9.3, see https://github.com/uriparser/uriparser/blob/uriparser-0.9.3/ChangeLog for details. ---- Update to uriparser-0.8.2, see https://github.com/uriparser/uriparser/blob/uriparser-0.9.2/ChangeLog for details. -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 29 2019 Sandro Mani manisandro@gmail.com - 0.9.3-1 - Update to 0.9.3 * Tue Apr 23 2019 Sandro Mani manisandro@gmail.com - 0.9.2-1 - Update to 0.9.2 * Sun Feb 3 2019 Fedora Release Engineering releng@fedoraproject.org - 0.9.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ xtl-0.6.4-1.fc28 (FEDORA-2019-721b141d8e) QuantStack tools library -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 29 2019 Elliott Sales de Andrade quantum.analyst@gmail.com - 0.6.4-1 - Update to latest version -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1704420 - xtl-0.6.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1704420 --------------------------------------------------------------------------------
================================================================================ zstd-1.4.0-1.fc28 (FEDORA-2019-d57f57bf21) Zstd compression library -------------------------------------------------------------------------------- Update Information:
Latest upstream -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 29 2019 P��draig Brady P@draigBrady.com - 1.4.0-1 - Latest upstream * Sun Feb 3 2019 Fedora Release Engineering releng@fedoraproject.org - 1.3.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild --------------------------------------------------------------------------------