The following Fedora 25 Security updates need testing: Age URL 106 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9b3ed5f170 chicken-4.11.0-3.fc25 58 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6dd3bc37c3 compat-guile18-1.8.8-14.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d361d188d9 roundcubemail-1.2.3-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-673cbb6bb4 perl-DBD-MySQL-4.041-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-dd2aa2b4a9 mingw-libarchive-3.2.2-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e865601498 mcabber-1.0.4-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-98cca07999 tomcat-8.0.39-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a1563af431 golang-1.7.4-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-8b1f72df21 php-simplesamlphp-saml2-2.3.3-1.fc25 php-simplesamlphp-saml2_1-1.10.3-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2d8fb6d7ad ipsilon-2.0.2-2.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-868350fe5a lxc-2.0.6-2.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f2a42c3b18 mingw-openjpeg2-2.1.2-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b6ec330099 xen-4.7.1-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bfa785e39e cracklib-2.9.6-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-daf90926d4 dovecot-2.2.27-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6ba1694d89 libgsf-1.14.33-4.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 23 https://bodhi.fedoraproject.org/updates/FEDORA-2016-56cfdb6815 nss-3.27.0-1.3.fc25 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a1231ada78 python-productmd-1.3-1.fc25 13 https://bodhi.fedoraproject.org/updates/FEDORA-2016-940ecb5c59 wpa_supplicant-2.6-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1d195fd2ad lxpanel-0.9.1-2.D20161125git138ff9b2.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1a975208f6 cairo-1.14.8-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c25320b71 pungi-4.1.11-3.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6ba1694d89 libgsf-1.14.33-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f24b3ddc6a selinux-policy-3.13.1-225.3.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-074ca36612 libtiff-4.0.7-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-bfa785e39e cracklib-2.9.6-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-180b59a3c4 pcre2-10.22-7.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d6a352eeca poppler-data-0.4.7-6.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cc3ab3b292 tracker-1.10.2-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f7b96856a7 samba-4.5.2-0.fc25 The following builds have been pushed to Fedora 25 updates-testing 64tass-1.52.1237-1.fc25 ardour5-5.5.0-1.fc25 boost-1.60.0-10.fc25 byteman-3.0.6-2.fc25 ceph-10.2.4-1.fc25 cracklib-2.9.6-4.fc25 docker-1.12.3-13.git0423d89.fc25 dolphin-emu-5.0-6.fc25 dovecot-2.2.27-1.fc25 doxygen-1.8.12-5.fc25 evince-3.22.1-2.fc25 fabric-1.12.1-0.fc25 fedpkg-1.26-2.fc25 gap-pkg-hapcryst-0.1.11-1.fc25 gap-pkg-polenta-1.3.7-1.fc25 gap-pkg-xmod-2.58-1.fc25 gsi-openssh-7.3p1-4.fc25 inxi-2.3.5-1.fc25 knot-2.3.3-1.fc25 libabigail-1.0-0.8.rc6.4.fc25 liberasurecode-1.4.0-1.fc25 libgsf-1.14.33-4.fc25 libtiff-4.0.7-1.fc25 netpanzer-0.8.7-2.fc25 nom-tam-fits-1.15.1-1.fc25 nvme-cli-1.0-2.fc25 pcre2-10.22-7.fc25 pcsc-lite-1.8.19-1.fc25 pcsxr-1.9.94-6.fc25 perl-AuthCAS-1.7-1.fc25 perl-HTML-Format-2.16-1.fc25 perl-Net-LDAP-SID-0.001-1.fc25 perl-PDF-Create-1.39-1.fc25 perl-Text-vCard-3.09-1.fc25 perl-iCal-Parser-1.21-1.fc25 php-zendframework-zend-expressive-1.0.5-1.fc25 poppler-data-0.4.7-6.fc25 pungi-4.1.11-3.fc25 python-basemap-1.0.7-14.fc25 python-cvss-1.6-1.fc25 python-requestbuilder-0.7.1-1.fc25 python-stem-1.5.3-1.fc25 radicale-1.1.1-9.fc25 root-6.08.02-1.fc25 rpkg-1.47-3.fc25 salt-2016.3.4-1.fc25 samba-4.5.2-0.fc25 selinux-policy-3.13.1-225.3.fc25 tor-0.2.8.11-1.fc25 tracker-1.10.2-1.fc25 valabind-0.10.0-1.fc25 xen-4.7.1-4.fc25 zabbix-3.0.6-1.fc25 zile-2.4.13-1.fc25 Details about builds: ================================================================================ 64tass-1.52.1237-1.fc25 (FEDORA-2016-f702aba403) 6502 assembler -------------------------------------------------------------------------------- Update Information: - Rebuilt for new upstream release 1.52.1237, fixes rhbz #1063717 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1063717 - 64tass-1.52.1237 is available https://bugzilla.redhat.com/show_bug.cgi?id=1063717 -------------------------------------------------------------------------------- ================================================================================ ardour5-5.5.0-1.fc25 (FEDORA-2016-081c36e67f) Digital Audio Workstation -------------------------------------------------------------------------------- Update Information: New upstream bugfix and enhancement release. For details refer to the [upstream release announcement](https://community.ardour.org/node/14093). -------------------------------------------------------------------------------- ================================================================================ boost-1.60.0-10.fc25 (FEDORA-2016-bdf59f246f) The free peer-reviewed portable C++ source libraries -------------------------------------------------------------------------------- Update Information: The Boost libraries have been updated to fix compilation errors when using `boost::asio::use_future`. A bug in the C++ standard library shipped with Fedora caused an incompatibility with part of Boost.Asio. The fix for that bug is not included in Fedora yet, so the Boost packages have been rebuilt to include a workaround taken from the latest Boost release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1403165 - boost::asio::use_future can't be used on Fedora https://bugzilla.redhat.com/show_bug.cgi?id=1403165 -------------------------------------------------------------------------------- ================================================================================ byteman-3.0.6-2.fc25 (FEDORA-2016-f811734198) Java agent-based bytecode injection tool -------------------------------------------------------------------------------- Update Information: Fix FTBFS. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1402998 - byteman-3.0.6-1.fc25 FTBFS https://bugzilla.redhat.com/show_bug.cgi?id=1402998 -------------------------------------------------------------------------------- ================================================================================ ceph-10.2.4-1.fc25 (FEDORA-2016-5ff53b3a39) User space components of the Ceph file system -------------------------------------------------------------------------------- Update Information: This update tries to ease the transition to new upstream -devel packages. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1402923 - help ease transition to new unversioned -devel package names https://bugzilla.redhat.com/show_bug.cgi?id=1402923 -------------------------------------------------------------------------------- ================================================================================ cracklib-2.9.6-4.fc25 (FEDORA-2016-bfa785e39e) A password-checking library -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-6318 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1364944 - CVE-2016-6318 cracklib: Stack-based buffer overflow when parsing large GECOS field https://bugzilla.redhat.com/show_bug.cgi?id=1364944 -------------------------------------------------------------------------------- ================================================================================ docker-1.12.3-13.git0423d89.fc25 (FEDORA-2016-de032c73d6) Automates deployment of containerized applications -------------------------------------------------------------------------------- Update Information: built docker @projectatomic/docker-1.12 commit 0423d89 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1401260 - SELinux is preventing chmod from 'setattr' accesses on the directory _data. https://bugzilla.redhat.com/show_bug.cgi?id=1401260 -------------------------------------------------------------------------------- ================================================================================ dolphin-emu-5.0-6.fc25 (FEDORA-2016-acb06a4eb7) GameCube / Wii / Triforce Emulator -------------------------------------------------------------------------------- Update Information: New package, imported from RPMFusion. Updates from RPMFusion to Fedora: - License fixes and relocation - Split out common data into data subpackage - Add a patch for f26+ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1379765 - Review Request: dolphin-emu - GameCube / Wii / Triforce Emulator https://bugzilla.redhat.com/show_bug.cgi?id=1379765 -------------------------------------------------------------------------------- ================================================================================ dovecot-2.2.27-1.fc25 (FEDORA-2016-daf90926d4) Secure imap and pop3 server -------------------------------------------------------------------------------- Update Information: - Fixed crash in auth process when auth-policy was configured and authentication was aborted/failed without a username set. - director: If two users had different tags but the same hash, the users may have been redirected to the wrong tag's hosts. - Index files may have been thought incorrectly lost, causing "Missing middle file seq=.." to be logged and index rebuild. This happened more easily with IMAP hibernation enabled. - Various fixes to restoring state correctly in un-hibernation. - dovecot.index files were commonly 4 bytes per email too large. This is because 3 bytes per email were being wasted that could have been used for IMAP keywords. - Various fixes to handle dovecot.list.index corruption better. - lib-fts: Fixed assert-crash in address tokenizer with specific input. - Fixed assert-crash in HTML to text parsing with specific input (e.g. for FTS indexing or snippet generation) - doveadm sync -1: Fixed handling mailbox GUID conflicts. - sdbox, mdbox: Perform full index rebuild if corruption is detected inside lib-index, which runs index fsck. - quota: Don't skip quota checks when moving mails between different quota roots. - search: Multiple sequence sets or UID sets in search parameters weren't handled correctly. They were incorrectly merged together. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1401025 - CVE-2016-8652 dovecot: Remote crash when auth-policy component is activated [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1401025 -------------------------------------------------------------------------------- ================================================================================ doxygen-1.8.12-5.fc25 (FEDORA-2016-a9b6c0195a) A documentation system for C/C++ -------------------------------------------------------------------------------- Update Information: the update fixes the runtime dependency on perl and includes many backported upstream fixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1402043 - doxygen-1.8.12-1.fc25 undeclared runtime dependency on perl https://bugzilla.redhat.com/show_bug.cgi?id=1402043 -------------------------------------------------------------------------------- ================================================================================ evince-3.22.1-2.fc25 (FEDORA-2016-3759fe3581) Document viewer -------------------------------------------------------------------------------- Update Information: * don't report worrying warning about inability to copy metadata on some target filesystems -------------------------------------------------------------------------------- References: [ 1 ] Bug #1022649 - evince: Error setting extended attribute 'security.selinux': Operation not supported https://bugzilla.redhat.com/show_bug.cgi?id=1022649 -------------------------------------------------------------------------------- ================================================================================ fabric-1.12.1-0.fc25 (FEDORA-2016-4dbc699b55) A simple Pythonic remote deployment tool -------------------------------------------------------------------------------- Update Information: Update to 1.12.1 (bugfix release) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1401726 - fabric-1.12.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1401726 -------------------------------------------------------------------------------- ================================================================================ fedpkg-1.26-2.fc25 (FEDORA-2016-ea5bded2cf) Fedora utility for working with dist-git -------------------------------------------------------------------------------- Update Information: This build contains changes needed for flag day on December 12. - Once you use this version to upload new sources, older versions of `fedpkg` will not be able to work with the package. - pkgs and lookaside site URL are changed. The new URL uses ``https``. You can see the new URls with ``-d`` and ``-v`` when ``clone`` and ``sources``. Changelog - rpkg, https://pagure.io/rpkg/blob/master/f/CHANGELOG.rst - fedpkg, https://pagure.io/fedpkg/blob/master/f/CHANGELOG.rst -------------------------------------------------------------------------------- References: [ 1 ] Bug #714726 - change --root option to --mock-config to fedpkg mockbuild https://bugzilla.redhat.com/show_bug.cgi?id=714726 [ 2 ] Bug #841516 - fedpkg scratch-build error message should be improved to tell you how to do a scratch build without pushing https://bugzilla.redhat.com/show_bug.cgi?id=841516 [ 3 ] Bug #1325775 - Working on branch without remote tracking branch fails due to unpushed changes https://bugzilla.redhat.com/show_bug.cgi?id=1325775 [ 4 ] Bug #1203757 - The description of fedpkg verify-files in the man page and help text is misleading https://bugzilla.redhat.com/show_bug.cgi?id=1203757 [ 5 ] Bug #1169663 - Build stops with "Could not execute scratch_build: There are unpushed changes in your repo" when there are no unpushed changes in the current branch https://bugzilla.redhat.com/show_bug.cgi?id=1169663 [ 6 ] Bug #1402882 - fedpkg local fails https://bugzilla.redhat.com/show_bug.cgi?id=1402882 -------------------------------------------------------------------------------- ================================================================================ gap-pkg-hapcryst-0.1.11-1.fc25 (FEDORA-2016-64d4930cdd) Integral cohomology computations of Bieberbach groups -------------------------------------------------------------------------------- Update Information: This new package is an add-on for Graham Ellis' HAP package. HAPcryst implements some functions for crystallographic groups (namely OrbitStabilizer- type methods). It is also capable of calculating free resolutions for Bieberbach groups. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1378526 - Review Request: gap-pkg-hapcryst - Integral cohomology computations of Bieberbach groups https://bugzilla.redhat.com/show_bug.cgi?id=1378526 -------------------------------------------------------------------------------- ================================================================================ gap-pkg-polenta-1.3.7-1.fc25 (FEDORA-2016-624960ed1c) Polycyclic presentations for matrix groups -------------------------------------------------------------------------------- Update Information: Changes in version 1.3.7 (2016-11-09): - Disabled some unused code for multiplicative Jordan decomposition and for simultaneously diagonalizing commuting matrices - Avoid using polycyclic's NaturalHomomorphism operation, instead use NaturalHomomorphismByNormalSubgroup -------------------------------------------------------------------------------- References: [ 1 ] Bug #1403107 - gap-pkg-polenta-v1.3.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1403107 -------------------------------------------------------------------------------- ================================================================================ gap-pkg-xmod-2.58-1.fc25 (FEDORA-2016-d14870fe5b) Crossed Modules and Cat1-Groups for GAP -------------------------------------------------------------------------------- Update Information: This new package allows for computation with crossed modules, cat1-groups, morphisms of these structures, derivations of crossed modules and the corresponding sections of cat1-groups. Experimental functions for crossed squares are now included. In October 2015 a new section on isoclinism of crossed modules was added. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1399365 - Review Request: gap-pkg-xmod - Crossed Modules and Cat1-Groups for GAP https://bugzilla.redhat.com/show_bug.cgi?id=1399365 -------------------------------------------------------------------------------- ================================================================================ gsi-openssh-7.3p1-4.fc25 (FEDORA-2016-0e747e1f9d) An implementation of the SSH protocol with GSI authentication -------------------------------------------------------------------------------- Update Information: Sync with openssh package. -------------------------------------------------------------------------------- ================================================================================ inxi-2.3.5-1.fc25 (FEDORA-2016-84bccfd6d7) A full featured system information script -------------------------------------------------------------------------------- Update Information: Update to 2.3.5. -------------------------------------------------------------------------------- ================================================================================ knot-2.3.3-1.fc25 (FEDORA-2016-c077e779b1) High-performance authoritative DNS server -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- ================================================================================ libabigail-1.0-0.8.rc6.4.fc25 (FEDORA-2016-f6a8e8033f) Set of ABI analysis tools -------------------------------------------------------------------------------- Update Information: Fix upstream bug - Fix aborting when reading .foo symbols from a ppc64 binary ---- Fix upstream Bug 20927 - Segfault when abidiff is invoked with $HOME not set ---- Fix an issue where some suppressed diff nodes are still visible in change reports ---- Update to upstream 1.0.rc6 tarball -------------------------------------------------------------------------------- References: [ 1 ] Bug #1352547 - Missing pyxdg as Requires in libabigail-1.0-0.8.rc5.3.fc24 https://bugzilla.redhat.com/show_bug.cgi?id=1352547 [ 2 ] Bug #19658 - None https://bugzilla.redhat.com/show_bug.cgi?id=19658 -------------------------------------------------------------------------------- ================================================================================ liberasurecode-1.4.0-1.fc25 (FEDORA-2016-496558130f) Erasure Code API library written in C with pluggable backends -------------------------------------------------------------------------------- Update Information: This update to 1.4.0 permits a use of "isa_l_rs_cauchy" method of erasure coding. -------------------------------------------------------------------------------- ================================================================================ libgsf-1.14.33-4.fc25 (FEDORA-2016-6ba1694d89) GNOME Structured File library -------------------------------------------------------------------------------- Update Information: * Security fix for CVE-2016-9888 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1403198 - CVE-2016-9888 libgsf: Null pointer dereference in tar_directory_for_file() https://bugzilla.redhat.com/show_bug.cgi?id=1403198 -------------------------------------------------------------------------------- ================================================================================ libtiff-4.0.7-1.fc25 (FEDORA-2016-074ca36612) Library of functions for manipulating TIFF format image files -------------------------------------------------------------------------------- Update Information: New upstream version libtiff-4.0.7 (#1403163) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1403163 - Update libtiff to 4.0.7 https://bugzilla.redhat.com/show_bug.cgi?id=1403163 -------------------------------------------------------------------------------- ================================================================================ netpanzer-0.8.7-2.fc25 (FEDORA-2016-9b4c23d87e) An Online Multiplayer Tactical Warfare Game -------------------------------------------------------------------------------- Update Information: Restore use of $RPM_OPT_FLAGS. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1402803 - netpanzer-0.8.7-1.fc26 not built with $RPM_OPT_FLAGS https://bugzilla.redhat.com/show_bug.cgi?id=1402803 -------------------------------------------------------------------------------- ================================================================================ nom-tam-fits-1.15.1-1.fc25 (FEDORA-2016-fc34546e7e) Java library for reading and writing FITS files -------------------------------------------------------------------------------- Update Information: New package. -------------------------------------------------------------------------------- ================================================================================ nvme-cli-1.0-2.fc25 (FEDORA-2016-ecfb0a505c) NVMe management command line interface -------------------------------------------------------------------------------- Update Information: New minor release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1372114 - nvme-cli-v0.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1372114 [ 2 ] Bug #1395459 - nvme-cli-v1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1395459 -------------------------------------------------------------------------------- ================================================================================ pcre2-10.22-7.fc25 (FEDORA-2016-180b59a3c4) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release fixes "pcre2-config --libs-posix" output, a memory leak in pcre2test tool, a buffer overflow in the library when partial-matching for CR-LF in an empty buffer and a crash in pcre2test tool when diplaying wide characters. -------------------------------------------------------------------------------- ================================================================================ pcsc-lite-1.8.19-1.fc25 (FEDORA-2016-5928b578a1) PC/SC Lite smart card framework and applications -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ================================================================================ pcsxr-1.9.94-6.fc25 (FEDORA-2016-2b999e631a) A plugin based PlayStation (PSX) emulator with high compatibility -------------------------------------------------------------------------------- Update Information: New package, imported from RPMFusion. Updates from RPMFusion to Fedora: - Relocate COPYING license file - Remove assert patch (issue was fixed in 1.9.93) - Added appdata - Remove static libraries -------------------------------------------------------------------------------- References: [ 1 ] Bug #1379798 - Review Request: pcsxr - A plugin based PlayStation (PSX) emulator with high compatibility https://bugzilla.redhat.com/show_bug.cgi?id=1379798 -------------------------------------------------------------------------------- ================================================================================ perl-AuthCAS-1.7-1.fc25 (FEDORA-2016-16595c0ba3) Client library for CAS 2.0 authentication server -------------------------------------------------------------------------------- Update Information: Updated to the latest version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1387455 - perl-AuthCAS-1.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1387455 -------------------------------------------------------------------------------- ================================================================================ perl-HTML-Format-2.16-1.fc25 (FEDORA-2016-05f5347085) HTML formatter modules -------------------------------------------------------------------------------- Update Information: Upstream bugfix release. -------------------------------------------------------------------------------- ================================================================================ perl-Net-LDAP-SID-0.001-1.fc25 (FEDORA-2016-30fd08b229) Net::LDAP::SID Perl module -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ================================================================================ perl-PDF-Create-1.39-1.fc25 (FEDORA-2016-1bb63671b7) Create PDF files -------------------------------------------------------------------------------- Update Information: Updated to the latest version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1395461 - perl-PDF-Create-1.39 is available https://bugzilla.redhat.com/show_bug.cgi?id=1395461 -------------------------------------------------------------------------------- ================================================================================ perl-Text-vCard-3.09-1.fc25 (FEDORA-2016-ca6f1ed270) Package to edit and create a single vCard (RFC 2426) -------------------------------------------------------------------------------- Update Information: Updated to the latest version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1385016 - Upgrade perl-Text-vCard to 3.08 https://bugzilla.redhat.com/show_bug.cgi?id=1385016 -------------------------------------------------------------------------------- ================================================================================ perl-iCal-Parser-1.21-1.fc25 (FEDORA-2016-0cc7e7d71e) Parse iCalendar files into a data structure -------------------------------------------------------------------------------- Update Information: This release fixes various parser failures. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1403038 - perl-iCal-Parser-1.21 is available https://bugzilla.redhat.com/show_bug.cgi?id=1403038 -------------------------------------------------------------------------------- ================================================================================ php-zendframework-zend-expressive-1.0.5-1.fc25 (FEDORA-2016-600fd713e6) PSR-7 Middleware Microframework based on Stratigility -------------------------------------------------------------------------------- Update Information: **Version 1.0.5** - 2016-12-08 - [#403](https://github.com/zendframework/zend- expressive/pull/403) updates the `AppFactory::create()` logic to raise exceptions in either of the following scenarios: - no container is specified, and the class `Zend\ServiceManager\ServiceManager` is not available. - no router is specified, and the class `Zend\Expressive\Router\FastRouteRouter` is not available. - [#405](https://github.com/zendframework/zend-expressive/pull/405) fixes how the `TemplatedErrorHandler` injects templated content into the response. Previously, it would `write()` directly to the existing response body, which could lead to issues if previous middleware had written to the response (as the templated contents would append the previous contents). With this release, it now creates a new `Zend\Diactoros\Stream`, writes to that, and returns a new response with that new stream, guaranteeing it only contains the new contents. - [#404](https://github.com/zendframework/zend-expressive/pull/404) fixes the `swallowDeprecationNotices()` handler such that it will not swallow a global handler once application execution completes. ---- **Version 1.0.4** - 2016-12-07 - [#402](https://github.com/zendframework/zend- expressive/pull/402) fixes how `Application::__invoke()` registers the error handler designed to swallow deprecation notices, as introduced in 1.0.3. It now checks to see if another error handler was previously registered, and, if so, creates a composite handler that will delegate to the previous for all other errors. -------------------------------------------------------------------------------- ================================================================================ poppler-data-0.4.7-6.fc25 (FEDORA-2016-d6a352eeca) Encoding files -------------------------------------------------------------------------------- Update Information: Simple rebuild to fix paths for ghostscript, no changes in behaviour expected. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1402306 - Can't find CMap Identity-UTF16-H https://bugzilla.redhat.com/show_bug.cgi?id=1402306 -------------------------------------------------------------------------------- ================================================================================ pungi-4.1.11-3.fc25 (FEDORA-2016-9c25320b71) Distribution compose tool -------------------------------------------------------------------------------- Update Information: Changes for ostree: - Allow using extra repos to get packages for composing OSTree repository (qwan) - Capture all lorax logs from generating installer. (lsedlar) - Allow adding versioning metadata. (qwan) - New option to enable generating ostree summary file. (qwan) - Use the `write-commitid-to` feature rather than parsing ostree logs. (puiterwijk) Other improvements: - Faster multilib blacklist processing in depsolving (dmach, lsedlar) - Generating latest symlink can now be skipped. (qwan) - A notification is sent when compose fails to start. (lsedlar) Backport patches for ostree installer: - Expose lorax's `rootfs-size` argument. (walters) - use `dvd-ostree` type in metadata. (lsedlar) -------------------------------------------------------------------------------- ================================================================================ python-basemap-1.0.7-14.fc25 (FEDORA-2016-8fb579c00a) Plots data on map projections (with continental and political boundaries) -------------------------------------------------------------------------------- Update Information: Patch for numpy change. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1403159 - np.concatenate((lsmask_lons,lsmask_lons[1:]+360),1) : IndexError: axis 1 out of bounds [0, 1) https://bugzilla.redhat.com/show_bug.cgi?id=1403159 -------------------------------------------------------------------------------- ================================================================================ python-cvss-1.6-1.fc25 (FEDORA-2016-6aebbe1ae8) CVSS2/3 library with interactive calculator -------------------------------------------------------------------------------- Update Information: Update to 1.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1402174 - python-cvss-v1.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1402174 -------------------------------------------------------------------------------- ================================================================================ python-requestbuilder-0.7.1-1.fc25 (FEDORA-2016-333eff5cb3) Command line-driven HTTP request builder -------------------------------------------------------------------------------- Update Information: This update fixes bugs in configuration file handling and commands' help output formatting. It also adds a NOTICE logging level. -------------------------------------------------------------------------------- ================================================================================ python-stem-1.5.3-1.fc25 (FEDORA-2016-5476c2e6e1) Python controller library for Tor -------------------------------------------------------------------------------- Update Information: Version 1.5.3 -------------------------------------------------------------------------------- ================================================================================ radicale-1.1.1-9.fc25 (FEDORA-2016-4339113d45) A simple CalDAV (calendar) and CardDAV (contact) server -------------------------------------------------------------------------------- Update Information: Allow radicale_t to execute bin_t in SELinux policy -------------------------------------------------------------------------------- References: [ 1 ] Bug #1393569 - SELinux is preventing radicale from execute access on the file /usr/bin/python3.5. https://bugzilla.redhat.com/show_bug.cgi?id=1393569 -------------------------------------------------------------------------------- ================================================================================ root-6.08.02-1.fc25 (FEDORA-2016-5112b85682) Numerical data analysis framework -------------------------------------------------------------------------------- Update Information: https://root.cern.ch/doc/v608/release-notes.html#release-6.0802 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1376324 - root is not built for aarch64 https://bugzilla.redhat.com/show_bug.cgi?id=1376324 -------------------------------------------------------------------------------- ================================================================================ rpkg-1.47-3.fc25 (FEDORA-2016-ea5bded2cf) Utility for interacting with rpm+git packaging systems -------------------------------------------------------------------------------- Update Information: This build contains changes needed for flag day on December 12. - Once you use this version to upload new sources, older versions of `fedpkg` will not be able to work with the package. - pkgs and lookaside site URL are changed. The new URL uses ``https``. You can see the new URls with ``-d`` and ``-v`` when ``clone`` and ``sources``. Changelog - rpkg, https://pagure.io/rpkg/blob/master/f/CHANGELOG.rst - fedpkg, https://pagure.io/fedpkg/blob/master/f/CHANGELOG.rst -------------------------------------------------------------------------------- References: [ 1 ] Bug #714726 - change --root option to --mock-config to fedpkg mockbuild https://bugzilla.redhat.com/show_bug.cgi?id=714726 [ 2 ] Bug #841516 - fedpkg scratch-build error message should be improved to tell you how to do a scratch build without pushing https://bugzilla.redhat.com/show_bug.cgi?id=841516 [ 3 ] Bug #1325775 - Working on branch without remote tracking branch fails due to unpushed changes https://bugzilla.redhat.com/show_bug.cgi?id=1325775 [ 4 ] Bug #1203757 - The description of fedpkg verify-files in the man page and help text is misleading https://bugzilla.redhat.com/show_bug.cgi?id=1203757 [ 5 ] Bug #1169663 - Build stops with "Could not execute scratch_build: There are unpushed changes in your repo" when there are no unpushed changes in the current branch https://bugzilla.redhat.com/show_bug.cgi?id=1169663 [ 6 ] Bug #1402882 - fedpkg local fails https://bugzilla.redhat.com/show_bug.cgi?id=1402882 -------------------------------------------------------------------------------- ================================================================================ salt-2016.3.4-1.fc25 (FEDORA-2016-e0d9455a69) A parallel remote execution system -------------------------------------------------------------------------------- Update Information: Update to feature release 2016.3.4 -------------------------------------------------------------------------------- ================================================================================ samba-4.5.2-0.fc25 (FEDORA-2016-f7b96856a7) Server and Client software to interoperate with Windows machines -------------------------------------------------------------------------------- Update Information: Update to Samba 4.5.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1343529 - samba-4.5.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1343529 -------------------------------------------------------------------------------- ================================================================================ selinux-policy-3.13.1-225.3.fc25 (FEDORA-2016-f24b3ddc6a) SELinux policy configuration -------------------------------------------------------------------------------- Update Information: Update with the latest fixes for selinux-policy. Update fixes important bug with nfs. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1275961 - SELinux is preventing 57656220436F6E74656E74 from 'create' accesses on the rawip_socket Unknown. https://bugzilla.redhat.com/show_bug.cgi?id=1275961 [ 2 ] Bug #1378164 - spamassassin triggers selinux alert https://bugzilla.redhat.com/show_bug.cgi?id=1378164 [ 3 ] Bug #1398852 - SELinux is preventing iptables.init from 'execute_no_trans' accesses on the file /usr/bin/plymouth. https://bugzilla.redhat.com/show_bug.cgi?id=1398852 [ 4 ] Bug #1400559 - SELinux is preventing ruby from 'create' accesses on the netlink_connector_socket Unknown. https://bugzilla.redhat.com/show_bug.cgi?id=1400559 [ 5 ] Bug #1401233 - SELinux is preventing iw from 'ioctl' accesses on the unix_dgram_socket unix_dgram_socket. https://bugzilla.redhat.com/show_bug.cgi?id=1401233 [ 6 ] Bug #1401375 - SELinux is preventing lircd from 'search' accesses on the directory /var/lib/sss. https://bugzilla.redhat.com/show_bug.cgi?id=1401375 [ 7 ] Bug #1401827 - SELinux is preventing svnserve from 'getattr' accesses on the chr_file /dev/random. https://bugzilla.redhat.com/show_bug.cgi?id=1401827 [ 8 ] Bug #1402083 - SELinux prevents systemd from starting nfs.service https://bugzilla.redhat.com/show_bug.cgi?id=1402083 [ 9 ] Bug #1402327 - SELinux is preventing pptpcm from 'read' accesses on the chr_file random. https://bugzilla.redhat.com/show_bug.cgi?id=1402327 [ 10 ] Bug #1402427 - NFS mounts fail due to SELinux denial for rpcbind.socket on /run/rpc.statd.lock https://bugzilla.redhat.com/show_bug.cgi?id=1402427 [ 11 ] Bug #1402667 - nfs home can not be mounted after latest policycoreutils update https://bugzilla.redhat.com/show_bug.cgi?id=1402667 -------------------------------------------------------------------------------- ================================================================================ tor-0.2.8.11-1.fc25 (FEDORA-2016-ea8acc48ab) Anonymizing overlay network for TCP -------------------------------------------------------------------------------- Update Information: update to upstream release 0.2.8.11 ---- update to upstream release 0.2.8.10 -------------------------------------------------------------------------------- ================================================================================ tracker-1.10.2-1.fc25 (FEDORA-2016-cc3ab3b292) Desktop-neutral search tool and indexer -------------------------------------------------------------------------------- Update Information: tracker 1.10.2 release. * tracker-extract: Sandbox extractor threads. Filesystem and network access are limited to being read and local only. * libtracker-sparql: Fix compile on C++ compilers * tracker-extract: Use CUE info as a last resort on FLACs * tracker-extract: Minor improvements on albumartist extraction * libtracker-data: Handle overflows on libicu-based normalization -------------------------------------------------------------------------------- ================================================================================ valabind-0.10.0-1.fc25 (FEDORA-2016-bc4ea1c6ce) Transform vala or vapi files into swig, C++, NodeJS-ffi, or GIR -------------------------------------------------------------------------------- Update Information: - Rebuilt for new upstream release 0.10.0, fixes rhbz #1310921 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1310921 - valabind-0.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1310921 -------------------------------------------------------------------------------- ================================================================================ xen-4.7.1-4.fc25 (FEDORA-2016-b6ec330099) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: ARM guests may induce host asynchronous abort [XSA-201, CVE-2016-9815, -------------------------------------------------------------------------------- References: [ 1 ] Bug #1399746 - CVE-2016-9815 CVE-2016-9816 CVE-2016-9817 CVE-2016-9818 xsa201 xen: ARM guests may induce host asynchronous abort (XSA-201) https://bugzilla.redhat.com/show_bug.cgi?id=1399746 [ 2 ] Bug #1334398 - CVE-2016-9921 CVE-2016-9922 Qemu: display: cirrus_vga: a divide by zero in cirrus_do_copy https://bugzilla.redhat.com/show_bug.cgi?id=1334398 [ 3 ] Bug #1402276 - CVE-2016-9913 CVE-2016-9914 CVE-2016-9915 CVE-2016-9916 Qemu: 9pfs: memory leakage via proxy/handle callbacks https://bugzilla.redhat.com/show_bug.cgi?id=1402276 -------------------------------------------------------------------------------- ================================================================================ zabbix-3.0.6-1.fc25 (FEDORA-2016-b456d2b82b) Open-source monitoring solution for your IT infrastructure -------------------------------------------------------------------------------- Update Information: - http://www.zabbix.com/rn3.0.6 - https://www.zabbix.com/documentation/3.0/manual/introduction/whatsnew306 -------------------------------------------------------------------------------- ================================================================================ zile-2.4.13-1.fc25 (FEDORA-2016-257017fa26) Zile Is Lossy Emacs -------------------------------------------------------------------------------- Update Information: - Rebuilt for new upstream release 2.4.13, fixes rhbz #1385997 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1385997 - zile-2.4.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=1385997 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
