The following Fedora 22 Security updates need testing: Age URL 361 https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878 echoping-6.1-0.beta.r434svn.1.fc22 310 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185 ceph-deploy-1.5.25-1.fc22 243 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781 python-kdcproxy-0.3.2-1.fc22 197 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22 186 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf openstack-swift-2.2.0-6.fc22 155 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d miniupnpc-1.9-6.fc22 138 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 138 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 119 https://bodhi.fedoraproject.org/updates/FEDORA-2015-3a5cebb105 ImageMagick-6.9.2.7-1.fc22 105 https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22 78 https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0 thttpd-2.25b-37.fc22 67 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c57c232c0 xulrunner-44.0-1.fc22 55 https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b xdelta-3.0.7-7.fc22 43 https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494 mingw-nsis-2.50-1.fc22 35 https://bodhi.fedoraproject.org/updates/FEDORA-2016-338a7e9925 graphite2-1.3.6-1.fc22 31 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cbe9ad765 python-pygments-2.1.3-1.fc22 26 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7b40eb9e29 libecap-1.0.0-1.fc22 squid-3.5.10-1.fc22 25 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5f44e89fe0 python-tgcaptcha2-0.3.1-1.fc22 17 https://bodhi.fedoraproject.org/updates/FEDORA-2016-47c0adc816 webkitgtk3-2.4.10-1.fc22 17 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bfaf6a133b qemu-2.3.1-13.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c14cf5e34a libmaxminddb-1.2.0-1.fc22 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-79604dde9f mercurial-3.5.2-1.fc22 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-250042b8a6 xstream-1.4.9-1.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5f196e4e4a xen-4.5.3-1.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-246417376c latex2rtf-2.3.10-1.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9282d83bee php-5.6.20-1.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f61f02e9e2 fuse-encfs-1.8.1-1.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed5110c4bb kernel-4.4.6-201.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6ad4474058 python-pillow-2.8.2-5.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7eb5caa94d parallel-20160222-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d4b68e412 imlib2-1.4.8-1.fc22 The following Fedora 22 Critical Path updates have yet to be approved: Age URL 237 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22 155 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f libgphoto2-2.5.8-1.fc22 152 https://bodhi.fedoraproject.org/updates/FEDORA-2015-48f718ed1b vim-7.4.909-1.fc22 138 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 138 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 67 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c57c232c0 xulrunner-44.0-1.fc22 61 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3fce30d64 mobile-broadband-provider-info-1.20151214-1.fc22 43 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ce419c9cab selinux-policy-3.13.1-128.28.fc22 35 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b03252507 rpm-4.12.0.1-16.fc22 32 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4d5434d82f parted-3.2-16.fc22 23 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4072c51267 dracut-041-15.fc22 20 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d4e6e32c1c upower-0.99.3-2.fc22 17 https://bodhi.fedoraproject.org/updates/FEDORA-2016-47c0adc816 webkitgtk3-2.4.10-1.fc22 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-33be675c57 firefox-45.0.1-2.fc22 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe22f37fba hwdata-0.287-1.fc22 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-18d1833265 thunderbird-38.7.1-1.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-881765e99c systemtap-3.0-2.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f5078f60f9 ntfs-3g-2016.2.22-1.fc22 testdisk-7.0-7.fc22 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dedd49a5b7 lorax-22.14-1.fc22 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed5110c4bb kernel-4.4.6-201.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d4b68e412 imlib2-1.4.8-1.fc22 The following builds have been pushed to Fedora 22 updates-testing did-0.9-1.fc22 fedmsg-0.17.2-1.fc22 geary-0.10.0-5.fc22 glpi-0.90.2-2.fc22 imlib2-1.4.8-1.fc22 parallel-20160222-1.fc22 php-Monolog-1.18.2-1.fc22 php-pear-PHP-CodeSniffer-2.6.0-1.fc22 php-react-promise-2.4.0-1.fc22 postgresql-9.4.7-1.fc22 python-fedmsg-meta-fedora-infrastructure-0.17.3-1.fc22 python-markdown-2.6.6-1.fc22 python-matplotlib-1.4.3-13.fc22 python3-iep-3.7-1.fc22 rpcbind-0.2.3-7.rc1.fc22 wine-1.9.7-1.fc22 Details about builds: ================================================================================ did-0.9-1.fc22 (FEDORA-2016-2f6958d86f) What did you do last week, month, year? -------------------------------------------------------------------------------- Update Information: Trello, bit.ly, yesterday, argparse and more... - New plugins supported: Trello, bit.ly, idonethis - Support 'did yesterday' for yesterday's updates - Ignore comment updates without author specified - User does not have to be assignee to close a bug - Create vim tags using the 'make tags' target - Use option prefix also for git, header and footer - Extend the test coverage for cli, base and utils - Rename DID_CONFIG to DID_DIR to match the content - Improve error handling, especially config errors - Migrate option parsing from optparse to argparse - Configurable support for showing bug resolutions - Support --conf as abbreviation for --config - Initial set of tests for the trac plugin - Improve readability of gerrit by using review number - Improve closed bugs stats, add test case [fix #45] - Add statistics of closed bugs for bugzilla plugin -------------------------------------------------------------------------------- ================================================================================ fedmsg-0.17.2-1.fc22 (FEDORA-2016-a749280d16) Tools for Fedora Infrastructure real-time messaging -------------------------------------------------------------------------------- Update Information: Latest upstream. https://github.com/fedora- infra/fedmsg/blob/develop/CHANGELOG.rst -------------------------------------------------------------------------------- ================================================================================ geary-0.10.0-5.fc22 (FEDORA-2016-7b1cf6e096) A lightweight email program designed around conversations -------------------------------------------------------------------------------- Update Information: Include upstream patches for crashes using WebKitGTK+ 2.4.10. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1320223 - SIGSEGV in WebCore::AXObjectCache::handleAttributeChanged https://bugzilla.redhat.com/show_bug.cgi?id=1320223 -------------------------------------------------------------------------------- ================================================================================ glpi-0.90.2-2.fc22 (FEDORA-2016-ee37855896) Free IT asset management software -------------------------------------------------------------------------------- Update Information: **Version 0.90.2** Include bugfixes and some minor features : * An alert in central page when some of your mysql tables are marked as crashed * A better flexibility in splitted layout for small screens * More fields in Search- engine (Document comments, ticket id for Changes) * Redirect to previous page after a profile switching (when it is possible) * An icon for default document type * A better compatibility when collecting emails from office365 See [changelog](https://github.com/glpi-project/glpi/issues?q=milestone:0.90.2) This package also fix the logrotate configuration. -------------------------------------------------------------------------------- ================================================================================ imlib2-1.4.8-1.fc22 (FEDORA-2016-8d4b68e412) Image loading, saving, rendering, and manipulation library -------------------------------------------------------------------------------- Update Information: Rebase to the new upstream bugfix-only version. Add security fixes for the referenced bugs. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1323060 - imlib2: out of bound read in GIF loader https://bugzilla.redhat.com/show_bug.cgi?id=1323060 [ 2 ] Bug #1323080 - imlib2: divide by zero on 2x1 ellipse https://bugzilla.redhat.com/show_bug.cgi?id=1323080 -------------------------------------------------------------------------------- ================================================================================ parallel-20160222-1.fc22 (FEDORA-2016-7eb5caa94d) Shell tool for executing jobs in parallel -------------------------------------------------------------------------------- Update Information: Update to version 20160222-1 to fix bugs (#1285888,1307846,1320511,1320956,1320958) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1320956 - parallel: Race condition when recreating temporary files https://bugzilla.redhat.com/show_bug.cgi?id=1320956 -------------------------------------------------------------------------------- ================================================================================ php-Monolog-1.18.2-1.fc22 (FEDORA-2016-8e332fabce) Sends your logs to files, sockets, inboxes, databases and various web services -------------------------------------------------------------------------------- Update Information: ### 1.18.2 (2016-04-02) * Fixed ElasticaFormatter to use more precise dates * Fixed GelfMessageFormatter sending too long messages ### 1.18.1 (2016-03-13) * Fixed SlackHandler bug where slack dropped messages randomly * Fixed RedisHandler issue when using with the PHPRedis extension * Fixed AmqpHandler content-type being incorrectly set when using with the AMQP extension * Fixed BrowserConsoleHandler regression ### 1.18.0 (2016-03-01) * Added optional reduction of timestamp precision via `Logger->useMicrosecondTimestamps(false)`, disabling it gets you a bit of performance boost but reduces the precision to the second instead of microsecond * Added possibility to skip some extra stack frames in IntrospectionProcessor if you have some library wrapping Monolog that is always adding frames * Added `Logger->withName` to clone a logger (keeping all handlers) with a new name * Added FluentdFormatter for the Fluentd unix socket protocol * Added HandlerWrapper base class to ease the creation of handler wrappers, just extend it and override as needed * Added support for replacing context sub-keys using `%context.*%` in LineFormatter * Added support for `payload` context value in RollbarHandler * Added setRelease to RavenHandler to describe the application version, sent with every log * Added support for `fingerprint` context value in RavenHandler * Fixed JSON encoding errors that would gobble up the whole log record, we now handle those more gracefully by dropping chars as needed * Fixed write timeouts in SocketHandler and derivatives, set to 10sec by default, lower it with `setWritingTimeout()` * Fixed PHP7 compatibility with regard to Exception/Throwable handling in a few places -------------------------------------------------------------------------------- References: [ 1 ] Bug #1313579 - php-Monolog-1.18.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1313579 -------------------------------------------------------------------------------- ================================================================================ php-pear-PHP-CodeSniffer-2.6.0-1.fc22 (FEDORA-2016-012ad89f38) PHP coding standards enforcement tool -------------------------------------------------------------------------------- Update Information: **PHP_CodeSniffer 2.6.0** - Paths used when setting CLI arguments inside ruleset.xml files are now relative to the ruleset location (request #847). This change only applies to paths within ARG tags, used to set CLI arguments. Previously, the paths were relative to the directory PHPCS was being run from. Absolute paths are still allowed and work the same way they always have. This change allows ruleset.xml files to be more portable - Content passed via STDIN will now be processed even if files are specified on the command line or in a ruleset - When passing content via STDIN, you can now specify the file path to use on the command line (request #934). This allows sniffs that check file paths to work correctly. This is the same functionality provided by the phpcs_input_file line, except it is available on the command line - Files processed with custom tokenizers will no longer be skipped if they appear minified (request #877). If the custom tokenizer wants minified files skipped, it can set a $skipMinified member var to TRUE. See the included JS and CSS tokenizers for an example - Config vars set in ruleset.xml files are now processed earlier, allowing them to be used during sniff registration. Among other things, this allows the installed_paths config var to be set in ruleset.xml files. Thanks to Pieter Frenssen for the patch - Improved detection of regular expressions in the JS tokenizer - Generic PHP Syntax sniff now uses PHP_BINARY (if available) to determine the path to PHP if no other path is available. You can still manually set php_path to use a specific binary for testing. Thanks to Andrew Berry for the patch - The PHP-supplied T_POW_EQUAL token has been replicated for PHP versions before 5.6 - Added support for PHP7 use group declarations (request #878). New tokens T_OPEN_USE_GROUP and T_CLOSE_USE_GROUP are assigned to the open and close curly braces - Generic ScopeIndent sniff now reports errors for every line that needs the indent changed (request #903). Previously, it ignored lines that were indented correctly in the context of their block. This change produces more technically accurate error messages, but is much more verbose - The PSR2 and Squiz standards now allow multi-line default values in function declarations (request #542). Previously, these would automatically make the function a multi-line declaration - Squiz InlineCommentSniff now allows docblocks on require(_once) and include(_once) statements. Thanks to Gary Jones for the patch - Squiz and PEAR Class and File sniffs no longer assume the first comment in a file is always a file comment. phpDocumentor assigns the comment to the file only if it is not followed by a structural element. These sniffs now follow this same rule - Squiz ClassCommentSniff no longer checks for blank lines before class comments. Removes the error Squiz.Commenting.ClassComment.SpaceBefore - Renamed Squiz.CSS.Opacity.SpacingAfterPoint to Squiz.CSS.Opacity.DecimalPrecision. Please update your ruleset if you are referencing this error code directly - Fixed PHP tokenizer problem that caused an infinite loop when checking a comment with specific content - Generic Disallow Space and Tab indent sniffs now detect and fix indents inside embedded HTML chunks (request #882) - Squiz CSS IndentationSniff no longer assumes the class opening brace is at the end of a line - Squiz FunctionCommentThrowTagSniff now ignores non-docblock comments - Squiz ComparisonOperatorUsageSniff now allows conditions like while(true) - PEAR FunctionCallSignatureSniff (and the Squiz and PSR2 sniffs that use it) now correctly check the first argument. Further fix for bug #698 - Fixed bug #791 : codingStandardsChangeSetting settings not working with namespaces - Fixed bug #872 : Incorrect detection of blank lines between CSS class names - Fixed bug #879 : Generic InlineControlStructureSniff can create parse error when case/if/elseif/else have mixed brace and braceless definitions - Fixed bug #883 : PSR2 is not checking for blank lines at the start and end of control structures - Fixed bug #884 : Incorrect indentation notice for anonymous classes - Fixed bug #887 : Using curly braces for a shared CASE/DEFAULT statement can generate an error in PSR2 SwitchDeclaration - Fixed bug #889 : Closure inside catch/else/elseif causes indentation error - Fixed bug #890 : Function call inside returned short array value can cause indentation error inside CASE statements - Fixed bug #897 : Generic.Functions.CallTimePassByReference.NotAllowed false positive when short array syntax - Fixed bug #900 : Squiz.Functions.FunctionDeclarationArgumentSpacing bug when no space between type hint and argument - Fixed bug #902 : T_OR_EQUAL and T_POW_EQUAL are not seen as assignment tokens - Fixed bug #910 : Unrecognized "extends" and indentation on anonymous classes - Fixed bug #915 : JS Tokenizer generates errors when processing some decimals - Fixed bug #928 : Endless loop when sniffing a PHP file with a git merge conflict inside a function - Fixed bug #937 : Shebang can cause PSR1 SideEffects warning. Thanks to Clay Loveless for the patch - Fixed bug #938 : CallTimePassByReferenceSniff ignores functions with return value -------------------------------------------------------------------------------- ================================================================================ php-react-promise-2.4.0-1.fc22 (FEDORA-2016-3b0aa05671) A lightweight implementation of CommonJS Promises/A for PHP -------------------------------------------------------------------------------- Update Information: ### 2.4.0 (2016-03-31) * Support foreign thenables in `resolve()`. Any object that provides a `then()` method is now assimilated to a trusted promise that follows the state of this thenable (#52). * Fix `some()` and `any()` for input arrays containing not enough items (#34). ### 2.3.0 (2016-03-24) * Allow cancellation of promises returned by functions working on promise collections (#36). * Handle `\Throwable` in the same way as `\Exception` (#51 by @joshdifabio). ### 2.2.2 (2016-02-26) * Fix cancellation handlers called multiple times (#47 by @clue). ### 2.2.1 (2015-07-03) * Fix stack error when resolving a promise in its own fulfillment or rejection handlers. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1319558 - php-react-promise-2.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1319558 -------------------------------------------------------------------------------- ================================================================================ postgresql-9.4.7-1.fc22 (FEDORA-2016-6724a2b8ea) PostgreSQL client programs -------------------------------------------------------------------------------- Update Information: update to 9.4.7 per release notes http://www.postgresql.org/docs/9.4/static/release-9-4-7.html -------------------------------------------------------------------------------- ================================================================================ python-fedmsg-meta-fedora-infrastructure-0.17.3-1.fc22 (FEDORA-2016-1e24ec52dd) Metadata providers for Fedora Infrastructure's fedmsg deployment -------------------------------------------------------------------------------- Update Information: Latest upstream. https://github.com/fedora- infra/fedmsg_meta_fedora_infrastructure/blob/develop/CHANGELOG.rst -------------------------------------------------------------------------------- ================================================================================ python-markdown-2.6.6-1.fc22 (FEDORA-2016-0e0b62bad7) Markdown implementation in Python -------------------------------------------------------------------------------- Update Information: Update to the latest stable version 2.6.6 (a bugfix release). -------------------------------------------------------------------------------- ================================================================================ python-matplotlib-1.4.3-13.fc22 (FEDORA-2016-0551f09cf4) Python 2D plotting library -------------------------------------------------------------------------------- Update Information: Require the python-matplotlib-qt5 subpackage from the python-matplotlib-qt5 subpackage ---- This update: - adds patch to fix GDK backend - fixes the requires of the main package in two subpackages - removes problematic image from the tarball and final installation -------------------------------------------------------------------------------- References: [ 1 ] Bug #1219556 - python-matplotlib-qt4 requires python-matplotlib-qt5 https://bugzilla.redhat.com/show_bug.cgi?id=1219556 [ 2 ] Bug #1231748 - NameError: global name 'cbook' is not defined https://bugzilla.redhat.com/show_bug.cgi?id=1231748 [ 3 ] Bug #1295174 - python-matplotlib contain problematic content https://bugzilla.redhat.com/show_bug.cgi?id=1295174 -------------------------------------------------------------------------------- ================================================================================ python3-iep-3.7-1.fc22 (FEDORA-2016-c1a46ac4cd) The interactive editor for Python -------------------------------------------------------------------------------- Update Information: Update to 3.7, and update spec to align with packaging guidelines -------------------------------------------------------------------------------- ================================================================================ rpcbind-0.2.3-7.rc1.fc22 (FEDORA-2016-75dc53023b) Universal Addresses to RPC Program Number Mapper -------------------------------------------------------------------------------- Update Information: Fixed: * Softly allocate rpc uid/gid (bz 1301288) * Restart rpcbind.socket on restarts (bz 1306824) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1306824 - Upgrade of rpcbind does not restart rpcbind.socket https://bugzilla.redhat.com/show_bug.cgi?id=1306824 [ 2 ] Bug #1301288 - An existing 'rpc' user is removed during the installation of rpcbind without any messages https://bugzilla.redhat.com/show_bug.cgi?id=1301288 -------------------------------------------------------------------------------- ================================================================================ wine-1.9.7-1.fc22 (FEDORA-2016-8f9e2e95ee) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information: More work towards the WineD3D command stream. More support for Shader Model 5 shaders. C++ exception handling on x86-64. Support for Windows- style static import libraries. Performance fixes in the XML writer. Various bug fixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1323392 - wine-1.9.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1323392 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
