The following Fedora 22 Security updates need testing: Age URL 364 https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878 echoping-6.1-0.beta.r434svn.1.fc22 313 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185 ceph-deploy-1.5.25-1.fc22 245 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781 python-kdcproxy-0.3.2-1.fc22 200 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22 188 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf openstack-swift-2.2.0-6.fc22 157 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d miniupnpc-1.9-6.fc22 140 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 140 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 121 https://bodhi.fedoraproject.org/updates/FEDORA-2015-3a5cebb105 ImageMagick-6.9.2.7-1.fc22 107 https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22 80 https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0 thttpd-2.25b-37.fc22 69 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c57c232c0 xulrunner-44.0-1.fc22 57 https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b xdelta-3.0.7-7.fc22 46 https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494 mingw-nsis-2.50-1.fc22 37 https://bodhi.fedoraproject.org/updates/FEDORA-2016-338a7e9925 graphite2-1.3.6-1.fc22 33 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cbe9ad765 python-pygments-2.1.3-1.fc22 28 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7b40eb9e29 libecap-1.0.0-1.fc22 squid-3.5.10-1.fc22 28 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5f44e89fe0 python-tgcaptcha2-0.3.1-1.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-250042b8a6 xstream-1.4.9-1.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5f196e4e4a xen-4.5.3-1.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-246417376c latex2rtf-2.3.10-1.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9282d83bee php-5.6.20-1.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f61f02e9e2 fuse-encfs-1.8.1-1.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed5110c4bb kernel-4.4.6-201.fc22 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6ad4474058 python-pillow-2.8.2-5.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7eb5caa94d parallel-20160222-1.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d4b68e412 imlib2-1.4.8-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d19ed2f80d squid-3.5.10-2.fc22 The following Fedora 22 Critical Path updates have yet to be approved: Age URL 239 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22 157 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f libgphoto2-2.5.8-1.fc22 154 https://bodhi.fedoraproject.org/updates/FEDORA-2015-48f718ed1b vim-7.4.909-1.fc22 140 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 140 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 69 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c57c232c0 xulrunner-44.0-1.fc22 63 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3fce30d64 mobile-broadband-provider-info-1.20151214-1.fc22 46 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ce419c9cab selinux-policy-3.13.1-128.28.fc22 37 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b03252507 rpm-4.12.0.1-16.fc22 34 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4d5434d82f parted-3.2-16.fc22 26 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4072c51267 dracut-041-15.fc22 22 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d4e6e32c1c upower-0.99.3-2.fc22 16 https://bodhi.fedoraproject.org/updates/FEDORA-2016-33be675c57 firefox-45.0.1-2.fc22 15 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe22f37fba hwdata-0.287-1.fc22 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-18d1833265 thunderbird-38.7.1-1.fc22 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-881765e99c systemtap-3.0-2.fc22 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f5078f60f9 ntfs-3g-2016.2.22-1.fc22 testdisk-7.0-7.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dedd49a5b7 lorax-22.14-1.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed5110c4bb kernel-4.4.6-201.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d4b68e412 imlib2-1.4.8-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-50cc0dbbde wavpack-4.75.2-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-060be75c14 webkitgtk3-2.4.10-2.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6d6f111230 elfutils-0.166-1.fc22 The following builds have been pushed to Fedora 22 updates-testing GeoIP-GeoLite-data-2016.04-1.fc22 Random123-1.09-1.fc22 chirp-20160402-1.fc22 cjdns-17.3-11.fc22 composer-1.0.0-1.fc22 dovecot-2.2.23-1.fc22 elfutils-0.166-1.fc22 getdns-0.9.0-1.fc22 gtkspell3-3.0.8-1.fc22 gtkspellmm30-3.0.4-2.fc22 hplip-3.15.9-4.fc22 imapsync-1.684-1.fc22 libmediainfo-0.7.84-1.fc22 liferea-1.10.19-1.fc22 mediainfo-0.7.84-1.fc22 mediatomb-0.12.1-38.fc22.20120403gitb66dc1 mingw-gtkspell3-3.0.8-1.fc22 mingw-gtkspellmm30-3.0.4-2.fc22 nasm-2.11.06-2.fc22 ovirt-guest-agent-1.0.11-3.fc22 php-PHP-CSS-Parser-7.0.2-1.fc22 php-horde-Horde-Auth-2.1.12-1.fc22 php-horde-Horde-Crypt-2.7.3-1.fc22 php-horde-Horde-Css-Parser-1.0.9-1.fc22 php-horde-Horde-Dav-1.1.3-1.fc22 php-horde-Horde-Kolab-Storage-2.2.2-1.fc22 php-horde-Horde-ListHeaders-1.2.4-1.fc22 php-horde-Horde-Log-2.2.0-1.fc22 php-horde-Horde-Nls-2.2.0-1.fc22 php-horde-Horde-SyncMl-2.0.7-1.fc22 php-horde-imp-6.2.14-1.fc22 php-horde-ingo-3.2.10-1.fc22 php-horde-nag-4.2.9-1.fc22 php-horde-turba-4.2.14-1.fc22 php-paragonie-random-compat-1.4.1-1.fc22 php-symfony-2.7.11-2.fc22 python-breathe-4.2.0-1.fc22 squid-3.5.10-2.fc22 sysreporter-3.0.3-1.fc22 wavpack-4.75.2-1.fc22 webkitgtk-2.4.10-2.fc22 webkitgtk3-2.4.10-2.fc22 znc-1.6.3-1.fc22 Details about builds: ================================================================================ GeoIP-GeoLite-data-2016.04-1.fc22 (FEDORA-2016-af65be0c5a) Free GeoLite IP geolocation country database -------------------------------------------------------------------------------- Update Information: Update to Apil 2016 GeoLite databases. -------------------------------------------------------------------------------- ================================================================================ Random123-1.09-1.fc22 (FEDORA-2016-0dc747cc49) Library of random number generators -------------------------------------------------------------------------------- Update Information: * Update to new release * Package only available on x86, x86_64 and ppc - upstream does not support other arches. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1324478 - Update to 1.09 https://bugzilla.redhat.com/show_bug.cgi?id=1324478 [ 2 ] Bug #1311304 - gccfeatures.h breaks compilation on arches other than x86 and ppc https://bugzilla.redhat.com/show_bug.cgi?id=1311304 -------------------------------------------------------------------------------- ================================================================================ chirp-20160402-1.fc22 (FEDORA-2016-838f001506) A tool for programming two-way radio equipment -------------------------------------------------------------------------------- Update Information: Update to latest upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1324577 - RFE current in the repos is 2 months behind upstream https://bugzilla.redhat.com/show_bug.cgi?id=1324577 -------------------------------------------------------------------------------- ================================================================================ cjdns-17.3-11.fc22 (FEDORA-2016-ce63703998) The privacy-friendly network without borders -------------------------------------------------------------------------------- Update Information: Cjdns is an IP6 mesh VPN with cryptographic address allocation. This is the first Fedora release. This version uses libsodium instead of nacl. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1268716 - Review Request: cjdns - IP6 VPN with crypto address allocation https://bugzilla.redhat.com/show_bug.cgi?id=1268716 -------------------------------------------------------------------------------- ================================================================================ composer-1.0.0-1.fc22 (FEDORA-2016-c2e6b9ce88) Dependency Manager for PHP -------------------------------------------------------------------------------- Update Information: **Version 1.0.0** * Added support for bitbucket-oauth configuration * Added warning when running composer as super user, set COMPOSER_ALLOW_SUPERUSER=1 to hide the warning if you really must * Added PluginManager::getGlobalComposer getter to retrieve the global instance (which can be null!) * Fixed dependency solver error reporting in many cases it now shows you proper errors instead of just saying a package does not exist * Fixed output of failed downloads appearing as 100% done instead of Failed * Fixed handling of empty directories when archiving, they are not skipped anymore * Fixed installation of broken plugins corrupting the vendor state when combined with symlinked path repositories ---- **Version 1.0.0-beta2** * Break: The install command now turns into an update command automatically if you have no composer.lock. This was done only half-way before which caused inconsistencies * Break: By default the remove command now removes dependencies as well, and --update-with-dependencies is deprecated. Use --no- update-with-dependencies to get old behavior * Added support for SSL_CERT_DIR env var and openssl.capath ini value * Added some conflict detection in why- not command * Added suggestion of root package's suggests in create-project command * Fixed create-project ignoring --ignore-platform-reqs when choosing a version of the package * Fixed search command in a directory without composer.json * Fixed path repository handling of symlinks on windows * Fixed PEAR repo handling to prefer HTTPS mirrors over HTTP ones * Fixed handling of Path env var on Windows, only PATH was accepted before * Small error reporting and docs improvements -------------------------------------------------------------------------------- ================================================================================ dovecot-2.2.23-1.fc22 (FEDORA-2016-9f0b97c62d) Secure imap and pop3 server -------------------------------------------------------------------------------- Update Information: - Various fixes to doveadm. Especially running commands via doveadm- server was broken. - director: Fixed user weakness getting stuck in some situations - director: Fixed a situation where directors keep re-sending different states to each others and never becoming synced. - director: Fixed assert-crash related to a slow "user killed" reply - Fixed assert-crash related to istream-concat, which could have been triggered at least by a Sieve script. -------------------------------------------------------------------------------- ================================================================================ elfutils-0.166-1.fc22 (FEDORA-2016-6d6f111230) A collection of utilities and DSOs to handle compiled objects -------------------------------------------------------------------------------- Update Information: Upgrade to elfutils-0.166. Various bug fixes. ppc32 and sparc32 build/testsuite fixes, better support for non-linux (kfreebsd/hurd), build fixes for older glibc without ELF compression types, a fix for over-adjusting alignment of NOBITS sections, bug fixes for issues found by gcc6, recognize some Go and ARM ELF notes, addition of new i386/x86_64 relocation types and elfcompress -q would erroneously imply --force. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1295951 - Unsupported/confusing golang notes https://bugzilla.redhat.com/show_bug.cgi?id=1295951 [ 2 ] Bug #1285613 - Missing NT_ARM_SYSTEM_CALL https://bugzilla.redhat.com/show_bug.cgi?id=1285613 -------------------------------------------------------------------------------- ================================================================================ getdns-0.9.0-1.fc22 (FEDORA-2016-f5bd0e63f8) Modern asynchronous API to the DNS -------------------------------------------------------------------------------- Update Information: Updated to 0.9.0 -------------------------------------------------------------------------------- ================================================================================ gtkspell3-3.0.8-1.fc22 (FEDORA-2016-366a895bc5) On-the-fly spell checking for GtkTextView widgets -------------------------------------------------------------------------------- Update Information: Update to version 3.0.8, see http://gtkspell.sourceforge.net/ChangeLog for details. -------------------------------------------------------------------------------- ================================================================================ gtkspellmm30-3.0.4-2.fc22 (FEDORA-2016-893f3481ab) On-the-fly spell checking for GtkTextView widgets - C++ bindings -------------------------------------------------------------------------------- Update Information: Update to version 3.0.4, see http://gtkspell.sourceforge.net/NEWS for details. -------------------------------------------------------------------------------- ================================================================================ hplip-3.15.9-4.fc22 (FEDORA-2016-f0a25261f4) HP Linux Imaging and Printing Project -------------------------------------------------------------------------------- Update Information: Fixes bug with proprietary plugin. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1249414 - hp-plugin (3.15.7) hangs on 'su' https://bugzilla.redhat.com/show_bug.cgi?id=1249414 -------------------------------------------------------------------------------- ================================================================================ imapsync-1.684-1.fc22 (FEDORA-2016-e1ed475951) Tool to migrate email between IMAP servers -------------------------------------------------------------------------------- Update Information: Update to 1.684 -------------------------------------------------------------------------------- ================================================================================ libmediainfo-0.7.84-1.fc22 (FEDORA-2016-c48b46e056) Library for supplies technical and tag information about a video or audio file -------------------------------------------------------------------------------- Update Information: Update to 0.7.84. -------------------------------------------------------------------------------- ================================================================================ liferea-1.10.19-1.fc22 (FEDORA-2016-91b1ca0f4e) An RSS/RDF feed reader -------------------------------------------------------------------------------- Update Information: This update updates liferea to 1.10.19 * it fixes compilation problems in the 1.10.18 release * it also fixes a problem with updating favicons -------------------------------------------------------------------------------- ================================================================================ mediainfo-0.7.84-1.fc22 (FEDORA-2016-c48b46e056) Supplies technical and tag information about a video or audio file (CLI) -------------------------------------------------------------------------------- Update Information: Update to 0.7.84. -------------------------------------------------------------------------------- ================================================================================ mediatomb-0.12.1-38.fc22.20120403gitb66dc1 (FEDORA-2016-94ff06eb91) MediaTomb - UPnP AV Mediaserver for Linux -------------------------------------------------------------------------------- Update Information: Systemd fixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1272709 - mediatomb missed requirements https://bugzilla.redhat.com/show_bug.cgi?id=1272709 [ 2 ] Bug #1211048 - mediatomb deamon does not release sockets at stop - systemd service https://bugzilla.redhat.com/show_bug.cgi?id=1211048 [ 3 ] Bug #850203 - Introduce new systemd-rpm macros in mediatomb spec file https://bugzilla.redhat.com/show_bug.cgi?id=850203 -------------------------------------------------------------------------------- ================================================================================ mingw-gtkspell3-3.0.8-1.fc22 (FEDORA-2016-bd8ed91d2d) MinGW Windows GtkSpell3 library -------------------------------------------------------------------------------- Update Information: Update to version 3.0.8, see http://gtkspell.sourceforge.net/ChangeLog for details. -------------------------------------------------------------------------------- ================================================================================ mingw-gtkspellmm30-3.0.4-2.fc22 (FEDORA-2016-b832f9e3c0) MinGW Windows GtkSpellmm library -------------------------------------------------------------------------------- Update Information: Update to version 3.0.4, see http://gtkspell.sourceforge.net/NEWS for details. -------------------------------------------------------------------------------- ================================================================================ nasm-2.11.06-2.fc22 (FEDORA-2016-b3c9dcc237) A portable x86 assembler which uses Intel-like syntax -------------------------------------------------------------------------------- Update Information: Fixes a regression introduced in version 2.11.06, which breaks syslinux build. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1315153 - error: symbol references not supported in preprocess-only mode https://bugzilla.redhat.com/show_bug.cgi?id=1315153 -------------------------------------------------------------------------------- ================================================================================ ovirt-guest-agent-1.0.11-3.fc22 (FEDORA-2016-34b176643f) The oVirt Guest Agent -------------------------------------------------------------------------------- Update Information: Bump to ovirt guest agent 1.0.11.3 release (ovirt 3.6.5) ---- ovirt-guest- agent-1.0.11-2.fc22 - BZ#1271167 - Execute diskmapper elevated or it won't be working -------------------------------------------------------------------------------- References: [ 1 ] Bug #1271167 - [abrt] ovirt-guest-agent-common: __init__.py:378:__getitem__:AttributeError: python: undefined symbol: udev_device_get_property_value https://bugzilla.redhat.com/show_bug.cgi?id=1271167 -------------------------------------------------------------------------------- ================================================================================ php-PHP-CSS-Parser-7.0.2-1.fc22 (FEDORA-2016-d84c0c01f5) A Parser for CSS Files -------------------------------------------------------------------------------- Update Information: **Horde_Css_Parser 1.0.9** * [jan] Update to PHP-CSS-Parser 7.0.2 (Request #14297). --- **PHP-CSS-Parser 7.0.2** * Compatibility with PHP 7. -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Auth-2.1.12-1.fc22 (FEDORA-2016-06c103d8ee) Horde Authentication API -------------------------------------------------------------------------------- Update Information: **Horde_Auth 2.1.12** * [mjr] Fix creating/removing mailbox in cyrsql driver (Bug #14295, federico.mennite). -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Crypt-2.7.3-1.fc22 (FEDORA-2016-717931e7e5) Horde Cryptography API -------------------------------------------------------------------------------- Update Information: **Horde_Crypt 2.7.3** * [jan] Work around broken PGP key servers. -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Css-Parser-1.0.9-1.fc22 (FEDORA-2016-d84c0c01f5) Horde CSS Parser -------------------------------------------------------------------------------- Update Information: **Horde_Css_Parser 1.0.9** * [jan] Update to PHP-CSS-Parser 7.0.2 (Request #14297). --- **PHP-CSS-Parser 7.0.2** * Compatibility with PHP 7. -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Dav-1.1.3-1.fc22 (FEDORA-2016-43c57b0a30) Horde library for WebDAV, CalDAV, CardDAV -------------------------------------------------------------------------------- Update Information: **Horde_Dav 1.1.3** * [jan] Fix down migration of database schema. -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Kolab-Storage-2.2.2-1.fc22 (FEDORA-2016-e1a11d9a97) A package for handling Kolab data stored on an IMAP server -------------------------------------------------------------------------------- Update Information: **Horde_Kolab_Storage 2.2.2** * [jan] Update Greek translation (Limperis Antonis). -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-ListHeaders-1.2.4-1.fc22 (FEDORA-2016-0d537b6350) Horde List Headers Parsing Library -------------------------------------------------------------------------------- Update Information: **Horde_ListHeaders 1.2.4** * [jan] Add Greek translation (Limperis Antonis). -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Log-2.2.0-1.fc22 (FEDORA-2016-c92418ff52) Horde Logging library -------------------------------------------------------------------------------- Update Information: **Horde_Log 2.2.0** * [jan] Add a few common aliases for the log level constants. * [jan] Allow to have multiple log level names with the same value. -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Nls-2.2.0-1.fc22 (FEDORA-2016-ffdaf8b9e2) Native Language Support (NLS) -------------------------------------------------------------------------------- Update Information: **Horde_Nls 2.2.0** * [jan] Add Horde_Nls::getTimezonesWithAbbreviations(). * [jan] Update Greek translation (Limperis Antonis). -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-SyncMl-2.0.7-1.fc22 (FEDORA-2016-735e13817e) Horde_SyncMl provides an API for processing SyncML requests -------------------------------------------------------------------------------- Update Information: **Horde_SyncMl 2.0.7** * [jan] Update Greek translation (Limperis Antonis). -------------------------------------------------------------------------------- ================================================================================ php-horde-imp-6.2.14-1.fc22 (FEDORA-2016-7dfd84986c) A web based webmail system -------------------------------------------------------------------------------- Update Information: **imp 6.2.14** * [mjr] Fix renaming subfolders in basic view (Bug #14254). * [mjr] Fix display of mailbox sizes in basic view (Bug #14308). * [mjr] Fix fatal error when deleting messages in basic view when IMAP server does not support QRESYNC or CONDSTORE (Bug #14257). -------------------------------------------------------------------------------- ================================================================================ php-horde-ingo-3.2.10-1.fc22 (FEDORA-2016-7ef501d55a) An email filter rules manager -------------------------------------------------------------------------------- Update Information: **ingo 3.2.10** * [jan] Don't duplicate messages in Procmail's vacation recipe if excluding email addresses (Michael.Martin, Bug #14275). * [jan] Remove stop- script feature from Procmail driver. -------------------------------------------------------------------------------- ================================================================================ php-horde-nag-4.2.9-1.fc22 (FEDORA-2016-c78f14a4ff) A web based task list manager -------------------------------------------------------------------------------- Update Information: **nag 4.2.9** * [jan] Fix regression with date picker in tasks form (Bug #14303). * [mjr] Fix handling EAS categories/tags. -------------------------------------------------------------------------------- ================================================================================ php-horde-turba-4.2.14-1.fc22 (FEDORA-2016-eb782808ef) A web based address book -------------------------------------------------------------------------------- Update Information: **turba 4.2.14** * [mjr] Fix persisting tags when moving or copying a contact to another address book (Bug #14312). * [mjr] Fix resetting state when changing sync_book prefs and device has forced multiplex. * [mjr] Fix synchronizing contact notes via ActiveSync when no truncation value is requested by the client (Bug #14307). -------------------------------------------------------------------------------- ================================================================================ php-paragonie-random-compat-1.4.1-1.fc22 (FEDORA-2016-e4a54efa7f) PHP 5.x polyfill for random_bytes() and random_int() from PHP 7 -------------------------------------------------------------------------------- Update Information: ### Version 1.4.1 - 2016-03-18 * Update comment in random.php ### Version 1.4.0 - 2016-03-18 * Restored OpenSSL in the version 1 branch in preparation to remove OpenSSL in version 2. ### Version 1.3.1/1.2.3 - 2016-03-18 * Add more possible values to `open_baseir` check. ### Version 1.3.0 - 2016-03-17 * Removed `openssl_random_pseudo_bytes()` entirely. If you are using random_compat in PHP on a Unix-like OS but cannot access `/dev/urandom`, version 1.3+ will throw an `Exception`. If you want to trust OpenSSL, feel free to write your own fallback code. e.g. ``` try { $bytes = random_bytes(32); } catch (Exception $ex) { $strong = false; $bytes = openssl_random_pseudo_bytes(32, $strong); if (!$strong) { throw $ex; } } ``` -------------------------------------------------------------------------------- References: [ 1 ] Bug #1318836 - php-paragonie-random-compat-2.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1318836 -------------------------------------------------------------------------------- ================================================================================ php-symfony-2.7.11-2.fc22 (FEDORA-2016-68b347345b) PHP framework for web projects -------------------------------------------------------------------------------- Update Information: **Version 2.7.11** (2016-03-25) * bug #18255 [HttpFoundation] Fix support of custom mime types with parameters (Ener-Getick) * bug #18272 [Bridge\PhpUnit] Workaround old phpunit bug, no colors in weak mode, add tests (nicolas-grekas) * bug #18259 [PropertyAccess] Backport fixes from 2.7 (nicolas-grekas) * bug #18261 [PropertyAccess] Fix isPropertyWritable not using the reflection cache (nicolas-grekas) * bug #18224 [PropertyAccess] Remove most ref mismatches to improve perf (nicolas-grekas) * bug #18210 [PropertyAccess] Throw an UnexpectedTypeException when the type do not match (dunglas, nicolas-grekas) * bug #18216 [Intl] Fix invalid numeric literal on PHP 7 (nicolas-grekas) * bug #18147 [Validator] EmailValidator cannot extract hostname if email contains multiple @ symbols (natechicago) * bug #18023 [Process] getIncrementalOutput should work without calling getOutput (romainneutron) * bug #18175 [Translation] Add support for fuzzy tags in PoFileLoader (nud) * bug #18179 [Form] Fix NumberToLocalizedStringTransformer::reverseTransform with big integers (ovrflo, nicolas-grekas) * bug #18164 [HttpKernel] set s-maxage only if all responses are cacheable (xabbuh) * bug #18150 [Process] Wait a bit less on Windows (nicolas-grekas) * bug #18130 [Debug] Replaced logic for detecting filesystem case sensitivity (Dan Blows) * bug #18080 [HttpFoundation] Set the Content-Range header if the requested Range is unsatisfied (jakzal) * bug #18084 [HttpFoundation] Avoid warnings when checking malicious IPs (jakzal) * bug #18066 [Process] Fix pipes handling (nicolas-grekas) * bug #18078 [Console] Fix an autocompletion question helper issue with non-sequentially indexed choices (jakzal) * bug #18048 [HttpKernel] Fix mem usage when stripping the prod container (nicolas-grekas) * bug #18065 [Finder] Partially revert #17134 to fix a regression (jakzal) * bug #18018 [HttpFoundation] exception when registering bags for started sessions (xabbuh) * bug #18054 [Filesystem] Fix false positive in ->remove() (nicolas-grekas) * bug #18049 [Validator] Fix the locale validator so it treats a locale alias as a valid locale (jakzal) * bug #18019 [Intl] Update ICU to version 55 (jakzal) * bug #18015 [Process] Fix memory issue when using large input streams (romainneutron) * bug #16656 [HttpFoundation] automatically generate safe fallback filename (xabbuh) * bug #15794 [Console] default to stderr in the console helpers (alcohol) * bug #17984 Allow to normalize \Traversable when serializing xml (Ener-Getick) * bug #17434 Improved the error message when a template is not found (rvanginneken, javiereguiluz) * bug #17687 Improved the error message when using "@" in a decorated service (javiereguiluz) * bug #17744 Improve error reporting in router panel of web profiler (javiereguiluz) * bug #17894 [FrameworkBundle] Fix a regression in handling absolute template paths (jakzal) * bug #17990 [DoctrineBridge][Form] Fix performance regression in EntityType (kimlai) * bug #17595 [HttpKernel] Remove _path from query parameters when fragment is a subrequest (cmenning) * bug #17986 [DomCrawler] Dont use LIBXML_PARSEHUGE by default (nicolas-grekas) * bug #17668 add 'guid' to list of exception to filter out (garak) * bug #17615 Ensure backend slashes for symlinks on Windows systems (cpsitgmbh) * bug #17626 Try to delete broken symlinks (IchHabRecht) * bug #17978 [Yaml] ensure dump indentation to be greather than zero (xabbuh) * bug #16886 [Form] [ChoiceType] Prefer placeholder to empty_value (boite) * bug #17976 [WebProfilerBundle] fix debug toolbar rendering by removing inadvertently added links (craue) * bug #17971 Variadic controller params (NiR-, fabpot) * bug #17568 Improved Bootstrap form theme for hidden fields (javiereguiluz) * bug #17925 [Bridge] The WebProcessor now forwards the client IP (magnetik) -------------------------------------------------------------------------------- ================================================================================ python-breathe-4.2.0-1.fc22 (FEDORA-2016-9eabd21ea8) Adds support for Doxygen xml output to reStructuredText and Sphinx -------------------------------------------------------------------------------- Update Information: Rename of [breathe](https://admin.fedoraproject.org/pkgdb/package/rpms/breathe/). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1321438 - Review Request: python-breathe - Doxygen xml output to reStructuredText https://bugzilla.redhat.com/show_bug.cgi?id=1321438 -------------------------------------------------------------------------------- ================================================================================ squid-3.5.10-2.fc22 (FEDORA-2016-d19ed2f80d) The Squid proxy caching server -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-3947 and CVE-2016-3948 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1323594 - CVE-2016-3948 squid: denial of service issue in HTTP response processing https://bugzilla.redhat.com/show_bug.cgi?id=1323594 [ 2 ] Bug #1323590 - CVE-2016-3947 squid: buffer overrun in Squid proxy pinger https://bugzilla.redhat.com/show_bug.cgi?id=1323590 -------------------------------------------------------------------------------- ================================================================================ sysreporter-3.0.3-1.fc22 (FEDORA-2016-e73e4ca126) Basic system reporter with emailing -------------------------------------------------------------------------------- Update Information: Update to 3.0.3 -------------------------------------------------------------------------------- ================================================================================ wavpack-4.75.2-1.fc22 (FEDORA-2016-50cc0dbbde) A completely open audiocodec -------------------------------------------------------------------------------- Update Information: Update to 4.75.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1218453 - wavpack-4.80.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1218453 -------------------------------------------------------------------------------- ================================================================================ webkitgtk-2.4.10-2.fc22 (FEDORA-2016-3fd3e8bb3f) GTK+ Web content engine library -------------------------------------------------------------------------------- Update Information: This update fixes a regression causing various crashes in various WebKitGTK+ consumers. -------------------------------------------------------------------------------- ================================================================================ webkitgtk3-2.4.10-2.fc22 (FEDORA-2016-060be75c14) GTK+ Web content engine library -------------------------------------------------------------------------------- Update Information: This update fixes a regression causing various crashes in Evolution and other WebKitGTK+ consumers. ---- This update addresses the following vulnerabilities: * [CVE-2015-1120](https://cve.mitre.org/cgi- bin/cvename.cgi?name=CVE-2015-1120) * [CVE-2015-1076](https://cve.mitre.org /cgi-bin/cvename.cgi?name=CVE-2015-1076) * [CVE-2015-1071](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1071) * [CVE-2015-1081](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1081) * [CVE-2015-1122](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1122) * [CVE-2015-1155](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1155) * [CVE-2014-1748](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1748) * [CVE-2015-3752](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3752) * [CVE-2015-5809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5809) * [CVE-2015-5928](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5928) * [CVE-2015-3749](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3749) * [CVE-2015-3659](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3659) * [CVE-2015-3748](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3748) * [CVE-2015-3743](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3743) * [CVE-2015-3731](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3731) * [CVE-2015-3745](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3745) * [CVE-2015-5822](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5822) * [CVE-2015-3658](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3658) * [CVE-2015-3741](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3741) * [CVE-2015-3727](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3727) * [CVE-2015-5801](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5801) * [CVE-2015-5788](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5788) * [CVE-2015-3747](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3747) * [CVE-2015-5794](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5794) * [CVE-2015-1127](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1127) * [CVE-2015-1153](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1153) * [CVE-2015-1083](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1083) Additional fixes: * Fix rendering of form controls and scrollbars with GTK+ >= 3.19 * Fix crashes on PowerPC 64. * Fix the build on PowerPC 32. * Add ARM64 build support. Translation updates * German * Spanish * French * Italian * Korean * Brazilian Portuguese * Russian * Chinese. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1321722 - [abrt] evolution: WTF::StringImpl::startsWith(): SIGSEGV with webkitgtk3-2.4.10 https://bugzilla.redhat.com/show_bug.cgi?id=1321722 -------------------------------------------------------------------------------- ================================================================================ znc-1.6.3-1.fc22 (FEDORA-2016-937d5e68d3) An advanced IRC bouncer -------------------------------------------------------------------------------- Update Information: Update to 1.6.3 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: http://lists.fedoraproject.org/admin/lists/test@xxxxxxxxxxxxxxxxxxxxxxx
