The following Fedora 25 Security updates need testing: Age URL 121 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9b3ed5f170 chicken-4.11.0-3.fc25 73 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6dd3bc37c3 compat-guile18-1.8.8-14.fc25 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2d8fb6d7ad ipsilon-2.0.2-2.fc25 15 https://bodhi.fedoraproject.org/updates/FEDORA-2016-daf90926d4 dovecot-2.2.27-1.fc25 9 https://bodhi.fedoraproject.org/updates/FEDORA-2016-01eba63bcc FlightGear-2016.3.1-3.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fce8b939c9 python-wikitcms-2.1.10-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f30fae0f67 nagios-plugins-2.1.4-2.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9b83c6862d community-mysql-5.7.17-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-89ee54c661 mingw-openjpeg2-2.1.2-3.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-c614315d29 squid-4.0.17-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-95b4e9077e tor-0.2.8.12-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b6cb3e83fa js-jquery1-1.12.4-2.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-897a1e6698 smack-4.1.5-3.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a6e72e28e1 php-zendframework-zend-mail-2.7.2-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5557ccf1f9 zookeeper-3.4.9-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2361e1e07a cxf-3.1.6-3.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3477b592e3 hdf5-1.8.17-2.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3e562bb52 libbsd-0.8.3-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f341d71730 springframework-3.2.18-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-edbb33ab2e curl-7.51.0-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2bca1021a3 seamonkey-2.46-1.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 28 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a1231ada78 python-productmd-1.3-1.fc25 28 https://bodhi.fedoraproject.org/updates/FEDORA-2016-940ecb5c59 wpa_supplicant-2.6-1.fc25 15 https://bodhi.fedoraproject.org/updates/FEDORA-2016-9c25320b71 pungi-4.1.11-3.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ab324eaf7a libnl3-3.2.29-0.2.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-469935a9d1 xorg-x11-server-1.19.0-3.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2016-be5fa630c5 vim-8.0.134-2.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3189d3a4df PackageKit-1.1.5-0.1.20161221.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b49fa138f4 glibc-2.24-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-edbb33ab2e curl-7.51.0-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-37c1b46c83 python-mako-1.0.6-1.fc25 The following builds have been pushed to Fedora 25 updates-testing cinnamon-3.2.7-1.fc25 cinnamon-screensaver-3.2.12-1.fc25 composer-1.3.0-1.fc25 curl-7.51.0-4.fc25 darktable-2.2.0-1.fc25 glibc-2.24-4.fc25 gnome-builder-3.22.4-1.fc25 golly-2.8-1.fc25 gromacs-2016.1-2.fc25 java-1.8.0-openjdk-aarch32-1.8.0.112-1.161109.fc25 kf5-libktorrent-2.0.1-5.fc25 lirc-0.9.4c-6.fc25 mate-session-manager-1.16.0-2.fc25 nfs-ganesha-2.4.1-2.fc25 nodejs-zipfile-0.5.11-1.fc25 odb-2.4.0-16.fc25 perl-B-Debug-1.24-1.fc25 php-akamai-open-edgegrid-auth-0.6.1-1.fc25 php-akamai-open-edgegrid-client-0.6.2-2.fc25 php-deepend-Mockery-0.9.7-1.fc25 php-nette-di-2.4.5-1.fc25 php-react-promise-2.5.0-1.fc25 php-zendframework-zend-expressive-helpers-2.2.0-1.fc25 python-ccdproc-1.2.0-1.fc25 python-mako-1.0.6-1.fc25 sagemath-7.3-7.fc25 seamonkey-2.46-1.fc25 springframework-3.2.18-1.fc25 tuxguitar-1.4-1.fc25 wine-2.0-0.1.rc2.fc25 Details about builds: ================================================================================ cinnamon-3.2.7-1.fc25 (FEDORA-2016-6b61cc6489) Window management and application launching for GNOME -------------------------------------------------------------------------------- Update Information: - Update -------------------------------------------------------------------------------- ================================================================================ cinnamon-screensaver-3.2.12-1.fc25 (FEDORA-2016-6b61cc6489) Cinnamon Screensaver -------------------------------------------------------------------------------- Update Information: - Update -------------------------------------------------------------------------------- ================================================================================ composer-1.3.0-1.fc25 (FEDORA-2016-9b145fae91) Dependency Manager for PHP -------------------------------------------------------------------------------- Update Information: **Version 1.3.0** - 2016-12-24 * Fixed handling of annotated git tags vs lightweight tags leading to useless updates sometimes * Fixed ext-xdebug not being require-able anymore due to automatic xdebug disabling * Fixed case insensitivity of remove command **Version 1.3.0-RC** - 2016-12-11 * Added workaround for xdebug performance impact by restarting PHP without xdebug automatically in case it is enabled * Added `--minor-only` to the `outdated` command to only show updates to minor versions and ignore new major versions * Added `--apcu-autoloader` to the `update`/`install` commands and `--apcu` to `dump-autoload` to enable an APCu-caching autoloader, which can be more efficient than --classmap-authoritative if you attempt to autoload many classes that do not exist, or if you can not use authoritative classmaps for some reason * Added summary of operations to be executed before they run, and made execution output more compact * Added `php-debug` and `php-zts` virtual platform packages * Added `gitlab-token` auth config for GitLab private tokens * Added `--strict` to the `outdated` command to return a non-zero exit code when there are outdated packages * Added ability to call php scripts using the current php interpreter (instead of finding php in PATH by default) in script handlers via `@php ...` * Added `COMPOSER_ALLOW_XDEBUG` env var to circumvent the xdebug-disabling behavior * Added `COMPOSER_MIRROR_PATH_REPOS` env var to force mirroring of path repositories vs symlinking * Added `COMPOSER_DEV_MODE` env var that is set by Composer to forward the dev mode to script handlers * Fixed support for git 2.11 * Fixed output from zip and rar leaking out when an error occured * Removed `hash` from composer.lock, only `content-hash` is now used which should reduce conflicts * Minor fixes and performance improvements -------------------------------------------------------------------------------- ================================================================================ curl-7.51.0-4.fc25 (FEDORA-2016-edbb33ab2e) A utility for getting files from remote servers (FTP, HTTP, and others) -------------------------------------------------------------------------------- Update Information: - fix floating point buffer overflow issues (CVE-2016-9586) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1406716 - CVE-2016-9586 curl: printf floating point buffer overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1406716 -------------------------------------------------------------------------------- ================================================================================ darktable-2.2.0-1.fc25 (FEDORA-2016-35d9388016) Utility to organize and develop raw images -------------------------------------------------------------------------------- Update Information: 2.2.0 release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1400075 - darktable-2.2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1400075 -------------------------------------------------------------------------------- ================================================================================ glibc-2.24-4.fc25 (FEDORA-2016-b49fa138f4) The GNU libc libraries -------------------------------------------------------------------------------- Update Information: This update addresses user-reported bugs including #1398370 where ssh configurations using kerberos authentication could fail with *_dl_close: Assertion `map->l_init_called' failed!* -------------------------------------------------------------------------------- References: [ 1 ] Bug #1398370 - Plugin unloading causes undefined behavior: Inconsistency detected by ld.so: dl-close.c: 811: _dl_close: Assertion `map->l_init_called' failed! https://bugzilla.redhat.com/show_bug.cgi?id=1398370 -------------------------------------------------------------------------------- ================================================================================ gnome-builder-3.22.4-1.fc25 (FEDORA-2016-24109870d3) IDE for writing GNOME-based software -------------------------------------------------------------------------------- Update Information: gnome-builder 3.22.4 release. * Some minor improvements to vala auto- completion * UI tweaks to project creation view for better discovery * Allow wider content in the file selection popover * Improve cache eviction when certain project files change * Allow talking to FileManager1 DBUS interface from flatpak * A handful of leak fixes * Improved unit tests * Avoid overzealous background project builds * Runtimes can now translate paths to files such as headers so that the processes outside the runtime can access them. * Allow libclang to parse files inside of Flatpak runtimes. This ensures that autocompletion and diagnostics work when building against org.gnome.Sdk * Autotools will discover gmake vs make from the runtime * A "clone and edit this flatpak" feature as been added using the -m command line option. This integrates with some GNOME-based compositors to allow an "edit this app" feature. * Various build system improvements * Improved support for building flatpaks * Improved support for the meson build system * Builder depends on a newer VTE for various regex features and now the build system configure check reflects that. * Some vim improvements -------------------------------------------------------------------------------- ================================================================================ golly-2.8-1.fc25 (FEDORA-2016-1551012d52) Cellular automata simulator (includes Conway's Game of Life) -------------------------------------------------------------------------------- Update Information: Updated to latest upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1296103 - update 2.7 https://bugzilla.redhat.com/show_bug.cgi?id=1296103 -------------------------------------------------------------------------------- ================================================================================ gromacs-2016.1-2.fc25 (FEDORA-2016-5122e909eb) Fast, Free and Flexible Molecular Dynamics -------------------------------------------------------------------------------- Update Information: Bump to add support for inside docker. -------------------------------------------------------------------------------- ================================================================================ java-1.8.0-openjdk-aarch32-1.8.0.112-1.161109.fc25 (FEDORA-2016-5a10b53397) OpenJDK Runtime Environment in a preview of the OpenJDK AArch32 project -------------------------------------------------------------------------------- Update Information: 8u112 feature update, sync with mainline package -------------------------------------------------------------------------------- ================================================================================ kf5-libktorrent-2.0.1-5.fc25 (FEDORA-2016-cab746d8a0) Library providing torrent downloading code -------------------------------------------------------------------------------- Update Information: KDE Framework providing torrent downloading code. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1386774 - Review Request: kf5-libktorrent - Library providing torrent downloading code https://bugzilla.redhat.com/show_bug.cgi?id=1386774 -------------------------------------------------------------------------------- ================================================================================ lirc-0.9.4c-6.fc25 (FEDORA-2016-04c837c067) The Linux Infrared Remote Control package -------------------------------------------------------------------------------- Update Information: Fixes bug in parsing --listen option (#249) -------------------------------------------------------------------------------- ================================================================================ mate-session-manager-1.16.0-2.fc25 (FEDORA-2016-84c660cad4) MATE Desktop session manager -------------------------------------------------------------------------------- Update Information: fix resizing the startup applications preferences window -------------------------------------------------------------------------------- ================================================================================ nfs-ganesha-2.4.1-2.fc25 (FEDORA-2016-0c61baf4a4) NFS-Ganesha is a NFS Server running in user space -------------------------------------------------------------------------------- Update Information: nfs-ganesha 2.4.1 w/ glusterfs-3.8.6 upcall fix and FSAL_RGW -------------------------------------------------------------------------------- ================================================================================ nodejs-zipfile-0.5.11-1.fc25 (FEDORA-2016-ef8c2be7d3) C++ library for handling zipfiles in Node.js -------------------------------------------------------------------------------- Update Information: Update to latest version to fix warnings from Node. -------------------------------------------------------------------------------- ================================================================================ odb-2.4.0-16.fc25 (FEDORA-2016-4f1d3df45b) Object-relational mapping (ORM) system for C++ -------------------------------------------------------------------------------- Update Information: Fix for [gcc 6](http://codesynthesis.com/pipermail/odb- users/2016-December/003581.html) -------------------------------------------------------------------------------- ================================================================================ perl-B-Debug-1.24-1.fc25 (FEDORA-2016-d1f5dffb56) Walk Perl syntax tree, print debug information about op-codes -------------------------------------------------------------------------------- Update Information: This release adapts tests to Perl 5.25.6. We deliver only to provide newer version string. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1408456 - perl-B-Debug-1.24 is available https://bugzilla.redhat.com/show_bug.cgi?id=1408456 -------------------------------------------------------------------------------- ================================================================================ php-akamai-open-edgegrid-auth-0.6.1-1.fc25 (FEDORA-2016-22a1011513) Implements the Akamai {OPEN} EdgeGrid Authentication -------------------------------------------------------------------------------- Update Information: ### 0.6.1 [17 Dec, 2016] * Fix PHP 7.1 compatibility (@remicollet) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1405779 - php-akamai-open-edgegrid-auth-0.6.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1405779 -------------------------------------------------------------------------------- ================================================================================ php-akamai-open-edgegrid-client-0.6.2-2.fc25 (FEDORA-2016-02fd58f542) Implements the Akamai {OPEN} EdgeGrid Authentication -------------------------------------------------------------------------------- Update Information: ### 0.6.2 [17 Dec, 2016] * Update to akamai-open/edgegrid-auth 0.6.1 (PHP 7.1 compatibility) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1405781 - php-akamai-open-edgegrid-client-0.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1405781 -------------------------------------------------------------------------------- ================================================================================ php-deepend-Mockery-0.9.7-1.fc25 (FEDORA-2016-040f9e539e) Mockery is a simple but flexible PHP mock object framework -------------------------------------------------------------------------------- Update Information: **Version 0.9.7** * Clear the _filesToCleanUp array after unlink. -------------------------------------------------------------------------------- ================================================================================ php-nette-di-2.4.5-1.fc25 (FEDORA-2016-584fcb4bf5) Nette Dependency Injection Component -------------------------------------------------------------------------------- Update Information: **version 2.4.5** * ContainerBuilder: support for nullable types in generated factories #132 * DependencyChecker: fixed serialization of returnType, supports nullable types * Config\Loader: allow absolute paths in includes section (#131) * IniAdapter, NeonAdapter: process() is public #134 * return self -> static -------------------------------------------------------------------------------- ================================================================================ php-react-promise-2.5.0-1.fc25 (FEDORA-2016-380d08a395) A lightweight implementation of CommonJS Promises/A for PHP -------------------------------------------------------------------------------- Update Information: ### 2.5.0 (2016-12-22) * Revert automatic cancellation of pending collection promises once the output promise resolves. This was introduced in 42d86b7 (PR #36, released in [v2.3.0](https://github.com/reactphp/promise/releases/tag/v2.3.0)) and was both unintended and backward incompatible. If you need automatic cancellation, you can use something like: ``` function allAndCancel(array $promises) { return \React\Promise\all($promises) ->always(function() use ($promises) { foreach ($promises as $promise) { if ($promise instanceof \React\Promise\CancellablePromiseInterface) { $promise->cancel(); } } }); } ``` * `all()` and `map()` functions now preserve the order of the array (#77). * Fix circular references when resolving a promise with itself (#71). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1408344 - php-react-promise-2.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1408344 -------------------------------------------------------------------------------- ================================================================================ php-zendframework-zend-expressive-helpers-2.2.0-1.fc25 (FEDORA-2016-cccb1fad6b) Helper/Utility classes for Expressive -------------------------------------------------------------------------------- Update Information: **Version 2.2.0** - 2016-12-23 - [#30](https://github.com/zendframework/zend- expressive-helpers/pull/30) Use new ZF coding standard - [#31](https://github.com/zendframework/zend-expressive-helpers/pull/32) Check to ensure 100% test coverage is retained **Version 2.1.1** - 2016-12-23 - [#29](https://github.com/zendframework/zend-expressive-helpers/pull/29) Don't throw exception on empty JSON body -------------------------------------------------------------------------------- ================================================================================ python-ccdproc-1.2.0-1.fc25 (FEDORA-2016-6d6b87c5f7) Astropy affiliated package for reducing optical/IR CCD data -------------------------------------------------------------------------------- Update Information: new release -------------------------------------------------------------------------------- ================================================================================ python-mako-1.0.6-1.fc25 (FEDORA-2016-37c1b46c83) Mako template library for Python -------------------------------------------------------------------------------- Update Information: Update to 1.0.6 (#1257376). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1257376 - python-mako-1.0.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1257376 -------------------------------------------------------------------------------- ================================================================================ sagemath-7.3-7.fc25 (FEDORA-2016-f67bf04062) A free open-source mathematics software system -------------------------------------------------------------------------------- Update Information: Correct build from source and f24 to f25 sagemath upgrade problems. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1396848 - file conflict prevents upgrade https://bugzilla.redhat.com/show_bug.cgi?id=1396848 [ 2 ] Bug #1381949 - Missing dependency: python-speaklater https://bugzilla.redhat.com/show_bug.cgi?id=1381949 -------------------------------------------------------------------------------- ================================================================================ seamonkey-2.46-1.fc25 (FEDORA-2016-2bca1021a3) Web browser, e-mail, news, IRC client, HTML editor -------------------------------------------------------------------------------- Update Information: Update to 2.46 Fixes various security issues, see http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html for more info. No more includes Chatzilla and DOM Inspector in the package -- install them yourself now (as usual other addons) from https://addons.mozilla.org -------------------------------------------------------------------------------- ================================================================================ springframework-3.2.18-1.fc25 (FEDORA-2016-f341d71730) Spring Java Application Framework -------------------------------------------------------------------------------- Update Information: Update to 3.2.18.RELEASE. Resolves: CVE-2016-9878 (rhbz#1408164,1408165) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1408164 - CVE-2016-9878 Spring Framework: Directory Traversal in the Spring Framework ResourceServlet https://bugzilla.redhat.com/show_bug.cgi?id=1408164 -------------------------------------------------------------------------------- ================================================================================ tuxguitar-1.4-1.fc25 (FEDORA-2016-91f7a8c6dd) A multitrack tablature editor and player written in Java-SWT -------------------------------------------------------------------------------- Update Information: * New edit Toolbar * Several bugs fixed -------------------------------------------------------------------------------- ================================================================================ wine-2.0-0.1.rc2.fc25 (FEDORA-2016-a949dc3bee) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information: https://www.winehq.org/announce/2.0-rc2 - Bug fixes only, we are in code freeze. https://wine-staging.com/news/2016-12-21-release-2.0-rc2.html - Implement basic AES support in bcrypt. - Remove GnuTLS / CommonCrypto dependency for hash calculations in bcrypt. - Improve TIFF support in windoscodecs. - Various improvements in user32, winhttp and other dlls. -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
