The following Fedora 23 Security updates need testing: Age URL 0 https://admin.fedoraproject.org/updates/FEDORA-2015-12380/xfsprogs-3.2.4-1.fc23 The following Fedora 23 Critical Path updates have yet to be approved: Age URL 0 https://admin.fedoraproject.org/updates/FEDORA-2015-12380/xfsprogs-3.2.4-1.fc23 0 https://admin.fedoraproject.org/updates/FEDORA-2015-12378/curl-7.43.0-2.fc23 0 https://admin.fedoraproject.org/updates/FEDORA-2015-12387/libfm-1.2.3-13.D20150728git47d0c1dd7d.fc23 The following builds have been pushed to Fedora 23 updates-testing csnappy-0-3.20150729gitd7bc683.fc23 curl-7.43.0-2.fc23 docker-client-3.1.1-1.fc23 golang-github-armon-circbuf-0-0.2.gitf092b4f.fc23 golang-github-armon-go-metrics-0-0.2.gita54701e.fc23 golang-github-armon-gomdb-0-0.3.git151f2e0.fc23 golang-github-boltdb-bolt-1.0-0.2.git980670a.fc23 gstreamer1-plugins-good-1.5.2-2.fc23 hiera-1.3.4-4.fc23 hplip-3.15.7-3.fc23 jnr-posix-3.0.17-1.fc23 libfm-1.2.3-13.D20150728git47d0c1dd7d.fc23 libinput-0.20.0-6.fc23 nodejs-validate-npm-package-name-2.2.2-2.fc23 perl-File-Find-Rule-Age-0.302-3.fc23 perl-Git-Repository-1.315-1.fc23 perl-HTTP-BrowserDetect-2.05-1.fc23 perl-Test-Moose-More-0.033-1.fc23 php-nrk-Predis-1.0.2-1.fc23 puppet-4.2.1-1.fc23 python-ldap3-0.9.8.6-1.fc23 scim-1.4.15-5.fc23 stoken-0.9-1.fc23 whois-5.2.10-1.fc23 xfsprogs-3.2.4-1.fc23 zsh-5.0.8-6.fc23 Details about builds: ================================================================================ csnappy-0-3.20150729gitd7bc683.fc23 (FEDORA-2015-12384) Snappy compression library ported to C -------------------------------------------------------------------------------- Update Information: This release corrects a test to work on AArch64 and PPC64 platforms. It also corrects GCC compiler detection. It specifies all build-time dependencies. -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Petr Pisar <ppisar@xxxxxxxxxx> - 0-3.20150729gitd7bc683 - Rebase to d7bc683b6eaba225f483621485035a8044634376 -------------------------------------------------------------------------------- ================================================================================ curl-7.43.0-2.fc23 (FEDORA-2015-12378) A utility for getting files from remote servers (FTP, HTTP, and others) -------------------------------------------------------------------------------- Update Information: enable support for HTTP/2 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Kamil Dudka <kdudka@xxxxxxxxxx> 7.43.0-2 - prevent dnf from crashing when using both FTP and HTTP (#1248389) - build support for the HTTP/2 protocol -------------------------------------------------------------------------------- ================================================================================ docker-client-3.1.1-1.fc23 (FEDORA-2015-12391) Docker Client -------------------------------------------------------------------------------- Update Information: Update to upstream 3.1.1 release. -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Alexander Kurtakov <akurtako@xxxxxxxxxx> 3.1.1-1 - Update to upstream 3.1.1 release. * Wed Jul 22 2015 Roland Grunberg <rgrunber@xxxxxxxxxx> - 3.0.0-2 - Support the 1.19 Docker Remote API. - Support SO_LINGER option needed when httpcomponents-core >= 4.4. -------------------------------------------------------------------------------- ================================================================================ golang-github-armon-circbuf-0-0.2.gitf092b4f.fc23 (FEDORA-2015-12394) Golang circular (ring) buffer -------------------------------------------------------------------------------- Update Information: Update of spec file to spec-2.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Fridolin Pokorny <fpokorny@xxxxxxxxxx> - 0-0.2.gitf092b4f - Update of spec file to spec-2.0 resolves: #1248497 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1248497 - Tracker for golang-github-armon-circbuf https://bugzilla.redhat.com/show_bug.cgi?id=1248497 -------------------------------------------------------------------------------- ================================================================================ golang-github-armon-go-metrics-0-0.2.gita54701e.fc23 (FEDORA-2015-12375) Exporting performance and runtime metrics to external metrics systems -------------------------------------------------------------------------------- Update Information: Update of spec file to spec-2.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Fridolin Pokorny <fpokorny@xxxxxxxxxx> - 0-0.2.gita54701e - Update of spec file to spec-2.0 resolves: #1248645 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1248645 - Tracker for golang-github-armon-go-metrics https://bugzilla.redhat.com/show_bug.cgi?id=1248645 -------------------------------------------------------------------------------- ================================================================================ golang-github-armon-gomdb-0-0.3.git151f2e0.fc23 (FEDORA-2015-12381) Go wrapper for LMDB - OpenLDAP Lightning Memory-Mapped Database -------------------------------------------------------------------------------- Update Information: Update of spec file to spec-2.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Fridolin Pokorny <fpokorny@xxxxxxxxxx> - 0-0.3.git151f2e0 - Update of spec file to spec-2.0 resolves: #1248536 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1248536 - Tracker for golang-github-armon-gomdb https://bugzilla.redhat.com/show_bug.cgi?id=1248536 -------------------------------------------------------------------------------- ================================================================================ golang-github-boltdb-bolt-1.0-0.2.git980670a.fc23 (FEDORA-2015-12388) A low-level key/value database for Go -------------------------------------------------------------------------------- Update Information: Update of spec file to spec-2.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Fridolin Pokorny <fpokorny@xxxxxxxxxx> - 1.0-0.2.git980670a - Update of spec file to spec-2.0 resolves: #1246207 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1246207 - Tracker for golang-github-boltdb-bolt https://bugzilla.redhat.com/show_bug.cgi?id=1246207 -------------------------------------------------------------------------------- ================================================================================ gstreamer1-plugins-good-1.5.2-2.fc23 (FEDORA-2015-12389) GStreamer plugins with good code and licensing -------------------------------------------------------------------------------- Update Information: Add missing dependencies required by ximagesrc. (#1136317) -------------------------------------------------------------------------------- ChangeLog: * Sat Jul 18 2015 Francesco Frassinelli <fraph24@xxxxxxxxx> - 1.5.2-2 - Add missing dependencies required by ximagesrc. (#1136317) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1136317 - ximagesrc returns black screen https://bugzilla.redhat.com/show_bug.cgi?id=1136317 -------------------------------------------------------------------------------- ================================================================================ hiera-1.3.4-4.fc23 (FEDORA-2015-12386) A simple hierarchical database supporting plugin data sources -------------------------------------------------------------------------------- Update Information: Removed 0001-Fix-errors-with-Puppet-4.patch -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Gaël Chamoulaud <gchamoul@xxxxxxxxxx> - 1.3.4-4 - Removed 0001-Fix-errors-with-Puppet-4.patch -------------------------------------------------------------------------------- References: [ 1 ] Bug #1242676 - hiera broken in Fedora 22 https://bugzilla.redhat.com/show_bug.cgi?id=1242676 -------------------------------------------------------------------------------- ================================================================================ hplip-3.15.7-3.fc23 (FEDORA-2015-12379) HP Linux Imaging and Printing Project -------------------------------------------------------------------------------- Update Information: This update fixes (recently merged) hpijs Obsoletes & Provides. -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Jiri Popelka <jpopelka@xxxxxxxxxx> - 3.15.7-3 - fix hpijs Obsoletes & Provides - remove Group tag * Wed Jul 29 2015 Jiri Popelka <jpopelka@xxxxxxxxxx> - 3.15.7-2 - merge hpijs into main package (#1033952#14) - ship hp-config_usb_printer in main package along with udev rule and unit file (#1033952#11) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1033952 - hp-plugin works only till the printer is turned off https://bugzilla.redhat.com/show_bug.cgi?id=1033952 -------------------------------------------------------------------------------- ================================================================================ jnr-posix-3.0.17-1.fc23 (FEDORA-2015-12390) Java Posix layer -------------------------------------------------------------------------------- Update Information: Update to upstream 3.0.17 version. -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Alexander Kurtakov <akurtako@xxxxxxxxxx> 3.0.17-1 - Update to upstream 3.0.17 version. -------------------------------------------------------------------------------- ================================================================================ libfm-1.2.3-13.D20150728git47d0c1dd7d.fc23 (FEDORA-2015-12387) GIO-based library for file manager-like programs -------------------------------------------------------------------------------- Update Information: Update to the latest git. Patch for highlighting issue accepted by the upstream. -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.2.3-13.D20150728git47d0c1dd7d - Update to the latest git (the previous patch accepted by the upstream) -------------------------------------------------------------------------------- ================================================================================ libinput-0.20.0-6.fc23 (FEDORA-2015-12385) Input device library -------------------------------------------------------------------------------- Update Information: Fix broken 2fg scrolling on single-touch touchpads (#1246651) -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Peter Hutterer <peter.hutterer@xxxxxxxxxx> 0.20.0-6 - Fix broken 2fg scrolling on single-touch touchpads (#1246651) - Drop distance threshold for 2fg gesture detection (#1246868) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1246651 - two-finger scroll stopped working with upgrade to 0.20.0-1 https://bugzilla.redhat.com/show_bug.cgi?id=1246651 [ 2 ] Bug #1246868 - Two finger scrolling does not work with first and fourth fingers (cf. Synaptics driver) https://bugzilla.redhat.com/show_bug.cgi?id=1246868 -------------------------------------------------------------------------------- ================================================================================ nodejs-validate-npm-package-name-2.2.2-2.fc23 (FEDORA-2015-12372) Give me a string and I'll tell you if it's a valid npm package name -------------------------------------------------------------------------------- Update Information: Add nodejs_fixdep macro -------------------------------------------------------------------------------- References: [ 1 ] Bug #1237042 - Review Request: nodejs-validate-npm-package-name - Give me a string and I'll tell you if it's a valid npm package name https://bugzilla.redhat.com/show_bug.cgi?id=1237042 -------------------------------------------------------------------------------- ================================================================================ perl-File-Find-Rule-Age-0.302-3.fc23 (FEDORA-2015-12371) Rule to match on file age -------------------------------------------------------------------------------- Update Information: Initial import (#1242724) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1242724 - Review Request: perl-File-Find-Rule-Age - Rule to match on file age https://bugzilla.redhat.com/show_bug.cgi?id=1242724 -------------------------------------------------------------------------------- ================================================================================ perl-Git-Repository-1.315-1.fc23 (FEDORA-2015-12377) Perl interface to Git repositories -------------------------------------------------------------------------------- Update Information: A new version of Git::Repository is available. This release prints the exit code for uknown git errors. -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Petr Šabata <contyk@xxxxxxxxxx> - 1.315-1 - 1.315 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1248241 - perl-Git-Repository-1.315 is available https://bugzilla.redhat.com/show_bug.cgi?id=1248241 -------------------------------------------------------------------------------- ================================================================================ perl-HTTP-BrowserDetect-2.05-1.fc23 (FEDORA-2015-12373) Determine the Web browser, version, and platform from an HTTP user agent string -------------------------------------------------------------------------------- Update Information: A new version of HTTP::BrowserDetect is available. This release adds support for Windows 10 and Windows Phone 10 Edge browsers. -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Petr Šabata <contyk@xxxxxxxxxx> - 2.05-1 - 2.05 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1248235 - perl-HTTP-BrowserDetect-2.05 is available https://bugzilla.redhat.com/show_bug.cgi?id=1248235 -------------------------------------------------------------------------------- ================================================================================ perl-Test-Moose-More-0.033-1.fc23 (FEDORA-2015-12392) More tools for testing Moose packages -------------------------------------------------------------------------------- Update Information: This release corrects validate_role() test to check that composed subclass does specified role. It also enhances documentation. -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Petr Pisar <ppisar@xxxxxxxxxx> - 0.033-1 - 0.033 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1248502 - perl-Test-Moose-More-0.033 is available https://bugzilla.redhat.com/show_bug.cgi?id=1248502 -------------------------------------------------------------------------------- ================================================================================ php-nrk-Predis-1.0.2-1.fc23 (FEDORA-2015-12369) PHP client library for Redis -------------------------------------------------------------------------------- Update Information: **Version 1.0.2** (2015-07-30) * IPv6 is now fully supported. * Added `redis` as an accepted scheme for connection parameters. When using this scheme, the rules used to parse URI strings match the provisional registration [published by IANA](http://www.iana.org/assignments/uri-schemes/prov/redis). * Added new or missing commands: `HSTRLEN` (>= 3.2), `ZREVRANGEBYLEX` (>= 2.8) and `MIGRATE` (>= 2.6). * Implemented support for the `ZADD` modifiers `NX|XX`, `CH`, `INCR` (Redis >= 3.0.2) using the simplified signature where scores and members are passed as a named array. * __FIX__: `Predis\Configuration\Options` must not trigger the autoloader when option values are strings (ISSUE #257). * __FIX__: `BITPOS` was not defined in the key-prefix processor (ISSUE #265) and in the replication strategy. -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.0.2-1 - Update to 1.0.2 -------------------------------------------------------------------------------- ================================================================================ puppet-4.2.1-1.fc23 (FEDORA-2015-12374) A network tool for managing many disparate systems -------------------------------------------------------------------------------- Update Information: Upstream 4.2.1 -------------------------------------------------------------------------------- ChangeLog: * Wed Jul 29 2015 Gael Chamoulaud <gchamoul@xxxxxxxxxx> - 4.2.1-1 - Upstream 4.2.1 * Tue Jul 28 2015 Lukas Zapletal <lzap+rpm@xxxxxxxxxx> 4.1.0-4 - 1246238 - systemd service type changed to 'simple' * Tue Jul 21 2015 Lukas Zapletal <lzap+rpm@xxxxxxxxxx> 4.1.0-3 - Puppet agent is started via exec rather than sub-process -------------------------------------------------------------------------------- ================================================================================ python-ldap3-0.9.8.6-1.fc23 (FEDORA-2015-12382) Strictly RFC 4511 conforming LDAP V3 pure Python client -------------------------------------------------------------------------------- Update Information: Python-ldap3 is a strictly RFC 4511 conforming LDAP V3 pure Python client. The same codebase works with Python, Python 3, PyPy and PyPy3. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1241412 - Review Request: python-ldap3 - Strictly RFC 4511 conforming LDAP V3 pure Python client https://bugzilla.redhat.com/show_bug.cgi?id=1241412 -------------------------------------------------------------------------------- ================================================================================ scim-1.4.15-5.fc23 (FEDORA-2015-12370) Smart Common Input Method platform -------------------------------------------------------------------------------- Update Information: Fixes gtk3 input method module dependency. -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Peng Wu <pwu@xxxxxxxxxx> - 1.4.15-5 - Fixes gtk3 input method module dependency -------------------------------------------------------------------------------- References: [ 1 ] Bug #1247900 - gtk3 applications crash with scim-1.4.15-1.fc22 https://bugzilla.redhat.com/show_bug.cgi?id=1247900 -------------------------------------------------------------------------------- ================================================================================ stoken-0.9-1.fc23 (FEDORA-2015-12376) Token code generator compatible with RSA SecurID 128-bit (AES) token -------------------------------------------------------------------------------- Update Information: STDID manipulation fixes -------------------------------------------------------------------------------- ================================================================================ whois-5.2.10-1.fc23 (FEDORA-2015-12383) Improved WHOIS client -------------------------------------------------------------------------------- Update Information: This release adds records for new generic TLDs: aeg., airtel., app., barcelona., bcn., bentley., bet., bharti., bing., bnl., bradesco., cba., cloud., commbank., crown., delta., drive., forum., game., genting., hoteles., hotmail., hsbc., ice., iinet., ipiranga., ist., istanbul., itau., jlc., jprs., lancaster., lasalle., law., lexus., live., man., microsoft., movistar., netbank., nokia., office., omega., orange., pet., play., realty., ricoh., sakura., sanofi., scor., skype., srl., starhub., statoil., studio., swatch., tatamotors., telefonica., toyota., ubs., vista., vistaprint., windows., कॉम., 点看., คอม., קום., नेट., كوم., ком., 닷컴., 大拿., 닷넷., and コム. It also updates records for ki. and vg. TLDs. -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Petr Pisar <ppisar@xxxxxxxxxx> - 5.2.10-1 - 5.2.10 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1248500 - whois-5.2.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1248500 -------------------------------------------------------------------------------- ================================================================================ xfsprogs-3.2.4-1.fc23 (FEDORA-2015-12380) Utilities for managing the XFS filesystem -------------------------------------------------------------------------------- Update Information: Gabriel Vlasiu reported that xfs_metadump, part of the xfsprogs suite of tools for the XFS filesystem, did not properly obfuscate data. xfs_metadump properly obfuscates active metadata, but the rest of the space within that fs block comes through in the clear. This could lead to exposure of stale disk data via the produced metadump image. The expectation of xfs_metadump is to obfuscate all but the shortest names in the metadata, as noted in the manpage: By default, xfs_metadump obfuscates most file (regular file, directory and symbolic link) names and extended attribute names to allow the dumps to be sent without revealing confidential information. Extended attribute values are zeroed and no data is copied. The only exceptions are file or attribute names that are 4 or less characters in length. Also file names that span extents (this can only occur with the mkfs.xfs(8) options where -n size > -b size) are not obfuscated. Names between 5 and 8 characters in length inclusively are partially obfuscated. While the xfs_metadump tool can be run by unprivileged users, it requires appropriate permissions to access block devices (such as root) where the sensitive data might be dumped. An unprivileged user, without access to the block device, could not use this flaw to obtain sensitive data they would not otherwise have permission to access. -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Eric Sandeen <sandeen@xxxxxxxxxx> 3.2.4-1 - New upstream release - Addresses CVE-2012-2150 for xfs_metadump -------------------------------------------------------------------------------- References: [ 1 ] Bug #817696 - CVE-2012-2150 xfsprogs: xfs_metadump information disclosure flaw https://bugzilla.redhat.com/show_bug.cgi?id=817696 -------------------------------------------------------------------------------- ================================================================================ zsh-5.0.8-6.fc23 (FEDORA-2015-12393) Powerful interactive shell -------------------------------------------------------------------------------- Update Information: - fix handling of command substitution in math context: http://www.zsh.org/mla/workers/2015/msg01855.html - prevent infinite recursion in ihungetc() (#1245712) -------------------------------------------------------------------------------- ChangeLog: * Thu Jul 30 2015 Kamil Dudka <kdudka@xxxxxxxxxx> - 5.0.8-6 - fix handling of command substitution in math context -------------------------------------------------------------------------------- References: [ 1 ] Bug #1245712 - [abrt] [faf] zsh: ihungetc(): /usr/bin/zsh killed by 11 https://bugzilla.redhat.com/show_bug.cgi?id=1245712 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test