Category Archives: Fedora

Fedora – Security Updates

qt5-qtwebengine-5.8.0-8.fc26

This update updates QtWebEngine to the 5.8.0 release. QtWebEngine 5.8.0 is part of the Qt 5.8.0 release, but only the QtWebEngine component is included in this update.

The update fixes the following security issues in QtWebEngine 5.7.1: CVE-2016-5182, CVE-2016-5183, CVE-2016-5189, CVE-2016-5199, CVE-2016-5201, CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5208, CVE-2016-5207, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-9650 and CVE-2016-9651.

Other immediately usable changes in QtWebEngine 5.8 include:

* Based on Chromium 53.0.2785.148 with security fixes from Chromium up to version 55.0.2883.75. (5.7.1 was based on Chromium 49.0.2623.111 with security fixes from Chromium up to version 54.0.2840.87.)
* The `view-source:` scheme is now supported.
* User scripts now support metadata (`@include`, `@exclude`, `@match`) as in Greasemonkey.
* Some `chrome:` schemes are now supported, for instance `chrome://gpu`.
* Several bugs were fixed, see https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.8.0 for details.

The following changes in QtWebEngine 5.8 require compile-time application support and will only be available after applications are rebuilt (and patched to remove the checks for Qt 5.8, because Qt is still version 5.7.1, only QtWebEngine is being updated):

* Spellchecking with a forked version of Hunspell. This Fedora package automatically converts system Hunspell dictionaries (installed by system RPMs into the systemwide location) to the Chromium `bdic` format used by QtWebEngine (using an RPM file trigger). If you wish to use dictionaries installed manually, use the included `qwebengine_convert_dict` tool. Alternatively, you can also download dictionaries directly in the Chromium `bdic` format.
* Support for printing directly to a printer. (Note that QupZilla already supports printing to a printer, because it can use the printToPdf API that has existed since QtWebEngine 5.7 to print to a printer with the help of the `lpr` command-line tool. But other applications such as KMail require the new direct printing API.)
* Added a setting to enable printing of CSS backgrounds.

The following new QML APIs are available to developers:

* Tooltips (HTML5 global title attribute) are now also supported in the QML API.
* Qt WebEngine (QML) allows defining custom dialogs / context menus.
* Qt WebEngine (QML) on `eglfs` uses builtin dialogs based on Qt Quick Controls 2.

qt5-qtwebengine-5.8.0-8.fc25

This update updates QtWebEngine to the 5.8.0 release. QtWebEngine 5.8.0 is part of the Qt 5.8.0 release, but only the QtWebEngine component is included in this update.

The update fixes the following security issues in QtWebEngine 5.7.1: CVE-2016-5182, CVE-2016-5183, CVE-2016-5189, CVE-2016-5199, CVE-2016-5201, CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5208, CVE-2016-5207, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-9650 and CVE-2016-9651.

Other immediately usable changes in QtWebEngine 5.8 include:

* Based on Chromium 53.0.2785.148 with security fixes from Chromium up to version 55.0.2883.75. (5.7.1 was based on Chromium 49.0.2623.111 with security fixes from Chromium up to version 54.0.2840.87.)
* The `view-source:` scheme is now supported.
* User scripts now support metadata (`@include`, `@exclude`, `@match`) as in Greasemonkey.
* Some `chrome:` schemes are now supported, for instance `chrome://gpu`.
* Several bugs were fixed, see https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.8.0 for details.

The following changes in QtWebEngine 5.8 require compile-time application support and will only be available after applications are rebuilt (and patched to remove the checks for Qt 5.8, because Qt is still version 5.7.1, only QtWebEngine is being updated):

* Spellchecking with a forked version of Hunspell. This Fedora package automatically converts system Hunspell dictionaries (installed by system RPMs into the systemwide location) to the Chromium `bdic` format used by QtWebEngine (using an RPM file trigger). If you wish to use dictionaries installed manually, use the included `qwebengine_convert_dict` tool. Alternatively, you can also download dictionaries directly in the Chromium `bdic` format.
* Support for printing directly to a printer. (Note that QupZilla already supports printing to a printer, because it can use the printToPdf API that has existed since QtWebEngine 5.7 to print to a printer with the help of the `lpr` command-line tool. But other applications such as KMail require the new direct printing API.)
* Added a setting to enable printing of CSS backgrounds.

The following new QML APIs are available to developers:

* Tooltips (HTML5 global title attribute) are now also supported in the QML API.
* Qt WebEngine (QML) allows defining custom dialogs / context menus.
* Qt WebEngine (QML) on `eglfs` uses builtin dialogs based on Qt Quick Controls 2.

dovecot-2.2.29.1-1.fc26

+ quota: Add plugin { quota_max_mail_size } setting to limit the maximum individual mail size that can be saved.
+ imapc: Add imapc_features=delay-login. If set, connecting to the remote IMAP server isn’t done until it’s necessary.
+ imapc: Add imapc_connection_retry_count and imapc_connection_retry_interval settings.
+ imap, pop3, indexer-worker: Add (deinit) to process title before autoexpunging runs.
+ Added %{encrypt} and %{decrypt} variables
+ imap/pop3 proxy: Log proxy state in errors as human-readable string.
+ imap/pop3-login: All forward_* extra fields returned by passdb are sent to the next hop when proxying using ID/XCLIENT commands. On the receiving side these fields are imported and sent to auth process where they’re accessible via %{passdb:forward_*}. This is done only if the sending IP address matches login_trusted_networks.
+ imap-login: If imap_id_retain=yes, send the IMAP ID string to auth process. %{client_id} expands to it in auth process. The ID string is also sent to the next hop when proxying.
+ passdb imap: Use ssl_client_ca_* settings for CA validation.
– fts-tika: Fixed crash when parsing attachment without Content-Disposition header. Broken by 2.2.28.
– trash plugin was broken in 2.2.28
– auth: When passdb/userdb lookups were done via auth-workers, too much data was added to auth cache. This could have resulted in wrong replies when using multiple passdbs/userdbs.
– auth: passdb { skip & mechanisms } were ignored for the first passdb
– oauth2: Various fixes, including fixes to crashes
– dsync: Large Sieve scripts (or other large metadata) weren’t always synced.
– Index rebuild (e.g. doveadm force-resync) set all mails as Recent
– imap-hibernate: %{userdb:*} wasn’t expanded in mail_log_prefix
– doveadm: Exit codes weren’t preserved when proxying commands via doveadm-server. Almost all errors used exit code 75 (tempfail).
– ACLs weren’t applied to not-yet-existing autocreated mailboxes.
– Fixed a potential crash when parsing a broken message header.
– cassandra: Fallback consistency settings weren’t working correctly.
– doveadm director status: “Initial config” was always empty
– imapc: Various reconnection fixes.

dovecot-2.2.29.1-1.fc24

+ quota: Add plugin { quota_max_mail_size } setting to limit the maximum individual mail size that can be saved.
+ imapc: Add imapc_features=delay-login. If set, connecting to the remote IMAP server isn’t done until it’s necessary.
+ imapc: Add imapc_connection_retry_count and imapc_connection_retry_interval settings.
+ imap, pop3, indexer-worker: Add (deinit) to process title before autoexpunging runs.
+ Added %{encrypt} and %{decrypt} variables
+ imap/pop3 proxy: Log proxy state in errors as human-readable string.
+ imap/pop3-login: All forward_* extra fields returned by passdb are sent to the next hop when proxying using ID/XCLIENT commands. On the receiving side these fields are imported and sent to auth process where they’re accessible via %{passdb:forward_*}. This is done only if the sending IP address matches login_trusted_networks.
+ imap-login: If imap_id_retain=yes, send the IMAP ID string to auth process. %{client_id} expands to it in auth process. The ID string is also sent to the next hop when proxying.
+ passdb imap: Use ssl_client_ca_* settings for CA validation.
– fts-tika: Fixed crash when parsing attachment without Content-Disposition header. Broken by 2.2.28.
– trash plugin was broken in 2.2.28
– auth: When passdb/userdb lookups were done via auth-workers, too much data was added to auth cache. This could have resulted in wrong replies when using multiple passdbs/userdbs.
– auth: passdb { skip & mechanisms } were ignored for the first passdb
– oauth2: Various fixes, including fixes to crashes
– dsync: Large Sieve scripts (or other large metadata) weren’t always synced.
– Index rebuild (e.g. doveadm force-resync) set all mails as Recent
– imap-hibernate: %{userdb:*} wasn’t expanded in mail_log_prefix
– doveadm: Exit codes weren’t preserved when proxying commands via doveadm-server. Almost all errors used exit code 75 (tempfail).
– ACLs weren’t applied to not-yet-existing autocreated mailboxes.
– Fixed a potential crash when parsing a broken message header.
– cassandra: Fallback consistency settings weren’t working correctly.
– doveadm director status: “Initial config” was always empty
– imapc: Various reconnection fixes.

php-pear-CAS-1.3.5-1.el7

**Changes in version 1.3.5**

* Security Fixes:
  * Fix possible authentication bypass in validateCAS20 [#228] (Gregory Boddin)

* Bug Fixes:
  * Fix file permissions (non-executable) [#177] (Remi Collet)
  * Fixed translations Greek and Japanese [#192] (ikari7789)
  * Fix errors under phpdbg [#204] (MasonM)
  * Fix logout replication error [#213] (Gregory Boddin)

* Improvement:
  * Add more debug info to logout code [#95] (Joachim Fritschi)
  * Allow longer ticket >32 chars for PGTStorage [#130] (Joachim Fritschi)
  * Improved verification of supplied CA arguments [#172] (Joachim Fritschi)
  * Change minimum supported php version to 5.4 in documentation (Joachim Fritschi)
  * Add message to CAS_Authentication_Exception [#197] (Baldinof)
  * Ignore composer related files and directories [#201] (greg0ire)
  * Add setter for cas client [#206] (greg0ire)
  * Add callback for attribute parsing [#205] (Gregory Boddin)
  * Added setter for base url [#208] (LeopardDennis)
  * Fix documentation of code documentation [#216] (erozqba)
  * Improved https detection by HTTP_X_FORWARDED_Protocol [#220] (Gregory Boddin)
  * Add language support for Simplified Chinese [#227] (phy25)