The following Fedora 25 Security updates need testing: Age URL 65 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 21 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c3739273e5 mingw-gtk-vnc-0.7.0-1.fc25 13 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f3aac83a8f suricata-3.2.1-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b9ffa8b00f canl-c-2.1.8-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8b0737b093 cacti-1.0.4-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c87bbae385 drupal7-metatag-1.21-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-98f85533f0 freeipa-4.4.3-2.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-038e821698 knot-2.4.1-1.fc25 knot-resolver-1.2.3-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-82ce4661d6 drupal7-views-3.15-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3776c9d747 munin-2.0.30-5.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-25fe7ab217 rabbitmq-server-3.6.6-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5a6ed9d326 libcacard-2.5.3-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-96b7f4f53e bind99-9.9.9-4.P6.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ca3f01bd37 php-pear-PHP-CodeSniffer-2.8.1-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c71a0f40f0 GraphicsMagick-1.3.25-6.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f9ab92fa6c kf5-kio-5.31.0-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9a819664a6 mupdf-1.10a-4.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 42 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d117622795 pungi-4.1.12-1.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-67d4fc728f libinput-1.6.2-2.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0986b6d6a1 sssd-1.15.0-1.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c5dbde322a epiphany-3.22.6-2.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4f607645a5 lorax-25.19-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f66b383735 java-1.8.0-openjdk-1.8.0.121-8.b14.fc25 nss-3.28.3-1.0.fc25 nss-softokn-3.28.3-1.1.fc25 nss-util-3.28.3-1.0.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-450fe04a06 python-pyasn1-0.2.3-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9778e2d516 nss-pem-1.0.3-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-105a2c312e python-idna-2.4-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-24ce0b63c4 coreutils-8.25-16.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4d63080f02 libblockdev-1.9-10.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-943295e003 gdm-3.22.2-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bef8dd008a libwacom-0.24-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b09315ea15 libseccomp-2.3.2-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-96b7f4f53e bind99-9.9.9-4.P6.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ce763afcbe gtk3-3.22.9-2.fc25 The following builds have been pushed to Fedora 25 updates-testing GraphicsMagick-1.3.25-6.fc25 amanda-3.4.3-1.fc25 bind99-9.9.9-4.P6.fc25 bluez-tools-0.2.0-0.3.git20161212.97efd29.fc25 btrfs-heatmap-5-2.20170222git8c9b111.fc25 caja-terminal-0.9.1-3.fc25 cifs-utils-6.7-1.fc25 cockpit-133-1.fc25 coreutils-8.25-16.fc25 crawl-0.19.5-1.fc25 custodia-0.1.0-6.fc25 ecryptfs-simple-2016.11.16.1-3.fc25 emacs-haskell-mode-16.1-1.fc25 entr-3.7-2.fc25 gdm-3.22.2-1.fc25 golang-github-vitrun-qart-0.1-1.fc25 gtk3-3.22.9-2.fc25 kf5-kio-5.31.0-2.fc25 koschei-1.9.1-1.fc25 libblockdev-1.9-10.fc25 libseccomp-2.3.2-1.fc25 libwacom-0.24-1.fc25 mosquitto-1.4.11-1.fc25 mtr-0.87-2.fc25 mupdf-1.10a-4.fc25 notmuch-0.23.7-1.fc25 open-vm-tools-10.1.5-2.fc25 openqa-4.4-41.20170130git8cc04a2.fc25 oz-0.15.0-5.fc25 perl-Code-TidyAll-Plugin-Test-Vars-0.04-2.fc25 perl-Date-Manip-6.58-1.fc25 perl-DateTime-TimeZone-2.10-1.fc25 perl-Server-Starter-0.33-1.fc25 perl-WWW-Form-UrlEncoded-0.24-1.fc25 php-horde-Horde-Core-2.27.7-1.fc25 php-pear-PHP-CodeSniffer-2.8.1-1.fc25 php-twig2-2.2.0-1.fc25 php-zendframework-zend-captcha-2.7.1-1.fc25 php-zendframework-zend-form-2.10.0-1.fc25 php-zendframework-zend-validator-2.8.2-1.fc25 php-zendframework-zendservice-recaptcha-3.0.0-3.fc25 plasma-applet-weather-widget-1.6.9-1.fc25 python-fedmsg-atomic-composer-2017.0-1.fc25 python-grapefruit-0.1a4-3.fc25 python-ladon-0.9.38-2.fc25 python-multilib-1.2-1.fc25 python-pygments-2.2.0-1.fc25 qbittorrent-3.3.10-3.fc25 rb_libtorrent-1.1.2-1.fc25 rsyslog-8.25.0-2.fc25 rubygem-sequel-4.44.0-1.fc25 sunflow-0.07.4-1.fc25 vala-0.34.5-1.fc25 vdr-epg-daemon-1.1.102-1.fc25 xrootd-4.6.0-6.fc25 zulucrypt-5.1.0-3.fc25 Details about builds: ================================================================================ GraphicsMagick-1.3.25-6.fc25 (FEDORA-2017-c71a0f40f0) An ImageMagick fork, offering faster image generation and better quality -------------------------------------------------------------------------------- Update Information: Backport fixes for multiple security vulnerabilities. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1385583 - CVE-2016-8682 CVE-2016-8683 CVE-2016-8684 GraphicsMagick: Multiple security issues https://bugzilla.redhat.com/show_bug.cgi?id=1385583 [ 2 ] Bug #1383223 - CVE-2016-7996 CVE-2016-7997 GraphicsMagick: WPG Reader Issues https://bugzilla.redhat.com/show_bug.cgi?id=1383223 [ 3 ] Bug #1381148 - CVE-2016-7800 GraphicsMagick: 8BIM/8BIMW unsigned underflow leads to heap overflow https://bugzilla.redhat.com/show_bug.cgi?id=1381148 -------------------------------------------------------------------------------- ================================================================================ amanda-3.4.3-1.fc25 (FEDORA-2017-c6997d5085) A network-capable tape backup solution -------------------------------------------------------------------------------- Update Information: New version of amanda - 3.4.3 ---- Fix issue with local authentication -------------------------------------------------------------------------------- References: [ 1 ] Bug #1428185 - amanda-3.4.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1428185 [ 2 ] Bug #1427775 - amidxtaped fails when using local authentication with disk-based changer device https://bugzilla.redhat.com/show_bug.cgi?id=1427775 -------------------------------------------------------------------------------- ================================================================================ bind99-9.9.9-4.P6.fc25 (FEDORA-2017-96b7f4f53e) The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) libraries -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-3135 (unaffected), fixes regression made by CVE-2016-8864 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1420193 - CVE-2017-3135 bind: Assertion failure when using DNS64 and RPZ Can Lead to Crash https://bugzilla.redhat.com/show_bug.cgi?id=1420193 -------------------------------------------------------------------------------- ================================================================================ bluez-tools-0.2.0-0.3.git20161212.97efd29.fc25 (FEDORA-2017-64fd0ecd3b) A set of tools to manage Bluetooth devices for Linux -------------------------------------------------------------------------------- Update Information: * Append %{?git_rel} to Release-tag -------------------------------------------------------------------------------- ================================================================================ btrfs-heatmap-5-2.20170222git8c9b111.fc25 (FEDORA-2017-b5228e301b) Visualize the layout of data on your btrfs filesystem over time -------------------------------------------------------------------------------- Update Information: First release of btrfs-heatmap -------------------------------------------------------------------------------- ================================================================================ caja-terminal-0.9.1-3.fc25 (FEDORA-2017-4d2d528355) Terminal embedded in Caja -------------------------------------------------------------------------------- Update Information: - build with gtk+-3 toolkit - move docdir for rhel7 - first UI improvements - update requires -------------------------------------------------------------------------------- References: [ 1 ] Bug #1420091 - caja terminal not shown https://bugzilla.redhat.com/show_bug.cgi?id=1420091 -------------------------------------------------------------------------------- ================================================================================ cifs-utils-6.7-1.fc25 (FEDORA-2017-82d9d99e80) Utilities for mounting and managing CIFS mounts -------------------------------------------------------------------------------- Update Information: Update to latest cifs-utils release. -------------------------------------------------------------------------------- ================================================================================ cockpit-133-1.fc25 (FEDORA-2017-ff19c0da94) A user interface for Linux servers -------------------------------------------------------------------------------- Update Information: - Remotely managed machines are now configured in /etc/cockpit/machines.d/*.json - Fix NetworkManager's "MTU" dialog layout - Build the cockpit-tests package for releases too - Split translations into individual packages - Packages now configure alternate cockpit-bridge's to interact with the system ---- - Make basic SELinux functionality available without setroubleshootd - Allow changing the MAC address for ethernet adapters and see them for bonds - Hide "autoconnect" checkbox for network devices without settings - Support for external providers other than libvirt on Machines page - Some tooltip fixes - Add option to restrict max read size to the Cockpit file API - Relax dependencies on cockpit-bridge package on Debian/Ubuntu - Rename cockpit-test- assets package to cockpit-tests - When touching patched files handle case of only one file - Always build the cockpit-tests subpackage -------------------------------------------------------------------------------- ================================================================================ coreutils-8.25-16.fc25 (FEDORA-2017-24ce0b63c4) A set of basic GNU tools commonly used in shell scripts -------------------------------------------------------------------------------- Update Information: - install,mkdir: fix handling of -DZ and -pZ, respectively (#1398913) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1398913 - mkdir fails to label some directories when -p -Z options are used. https://bugzilla.redhat.com/show_bug.cgi?id=1398913 -------------------------------------------------------------------------------- ================================================================================ crawl-0.19.5-1.fc25 (FEDORA-2017-7631598367) Roguelike dungeon exploration game -------------------------------------------------------------------------------- Update Information: - Update to crawl-0.19.5 -------------------------------------------------------------------------------- ================================================================================ custodia-0.1.0-6.fc25 (FEDORA-2017-c4a2750c54) A service to manage, retrieve and store secrets for other processes. -------------------------------------------------------------------------------- Update Information: tox is now provided by python3-tox -------------------------------------------------------------------------------- References: [ 1 ] Bug #1418796 - __init__.pyc from install of python2-modulemd-1.0.2-1.fc25.noarch conflicts with file from package python-custodia-0.1.0-4.fc25.noarch https://bugzilla.redhat.com/show_bug.cgi?id=1418796 -------------------------------------------------------------------------------- ================================================================================ ecryptfs-simple-2016.11.16.1-3.fc25 (FEDORA-2017-d3ed084484) A CLI front end to ecryptfs that works with normal user account -------------------------------------------------------------------------------- Update Information: zulucrypt: add support for ecryptfs, rhbz#1402590 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1402590 - Review Request: ecryptfs-simple - A CLI front end to ecryptfs that works with normal user account https://bugzilla.redhat.com/show_bug.cgi?id=1402590 -------------------------------------------------------------------------------- ================================================================================ emacs-haskell-mode-16.1-1.fc25 (FEDORA-2017-aaa3acb19f) Haskell editing mode for Emacs -------------------------------------------------------------------------------- Update Information: Update to 16.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1325881 - emacs-haskell-mode-v16.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1325881 -------------------------------------------------------------------------------- ================================================================================ entr-3.7-2.fc25 (FEDORA-2017-8fcf1e6058) Run arbitrary commands when files change -------------------------------------------------------------------------------- Update Information: Upstream bugfix release: - Terminate subprocess in restart mode if a file under watch disappears - Allow NOTE_ATTRIB to set `/_` only if file mode changes - New `-s` option executes commands using `$SHELL -c` - Print usage and exit if input is from a terminal instead of a pipe -------------------------------------------------------------------------------- ================================================================================ gdm-3.22.2-1.fc25 (FEDORA-2017-943295e003) The GNOME Display Manager -------------------------------------------------------------------------------- Update Information: gdm 3.22.2 release. - Fix book keeping of display name in some cases - wayland fix - xdmcp logout fix - add knob to go back to running Xorg as root -------------------------------------------------------------------------------- ================================================================================ golang-github-vitrun-qart-0.1-1.fc25 (FEDORA-2017-e9398e0d1f) Generator of not-so-ugly QR codes -------------------------------------------------------------------------------- Update Information: New package for fedora. This go library is one of the dependencies of syncthing. -------------------------------------------------------------------------------- ================================================================================ gtk3-3.22.9-2.fc25 (FEDORA-2017-ce763afcbe) The GIMP ToolKit (GTK+), a library for creating GUIs for X -------------------------------------------------------------------------------- Update Information: gtk+ 3.22.9 release. Bugs fixed: * 136059 Ctrl-navigation works in opposite direction in right-to-left text * 776821 Scale factor not properly propagated upon reparent * 778203 icon shown at top left corner when dnd begins * 778328 Pressure sensitivity lost after removing pen from screen (Surface Book/MyPaint) * 778534 Widget: Document signal mnemonic-activate * 778678 gtkshow: Prefer gtk_show_uri_on_window() which works for sandboxed apps * 778726 Use gtk_show_uri_on_window() * 778746 Rename popover is sometimes misplaced * 778835 Wrong screen size returned when in HiDPI mode * 778905 Frame: documented flat style class is not usable * 779005 GtkFrame: Fix shadow after theme changes * 136059 Ctrl-navigation works in opposite direction in right-to-left text * 772505 Wayland: menu does not resize after disabling an action * 774148 Gtk.Popover misplacement in Wayland * 778019 Key repeat under wayland behaves differently, making keyboard navigation e.g. in vim annoyingly unreliable -------------------------------------------------------------------------------- References: [ 1 ] Bug #1428280 - Wayland: spurious key repeat with gtk 3.22.9 in gnome-terminal https://bugzilla.redhat.com/show_bug.cgi?id=1428280 -------------------------------------------------------------------------------- ================================================================================ kf5-kio-5.31.0-2.fc25 (FEDORA-2017-f9ab92fa6c) KDE Frameworks 5 Tier 3 solution for filesystem abstraction -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-6410 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1427808 - CVE-2017-6410 kf5-kio, kdelibs: Information Leak when accessing https when using a malicious PAC file https://bugzilla.redhat.com/show_bug.cgi?id=1427808 -------------------------------------------------------------------------------- ================================================================================ koschei-1.9.1-1.fc25 (FEDORA-2017-b0d6e1903e) Continuous integration for Fedora packages -------------------------------------------------------------------------------- Update Information: Update to upstream version 1.9.1 -------------------------------------------------------------------------------- ================================================================================ libblockdev-1.9-10.fc25 (FEDORA-2017-4d63080f02) A library for low-level manipulation with block devices -------------------------------------------------------------------------------- Update Information: New build with a fix for using new version of lvm2-dbusd -------------------------------------------------------------------------------- ================================================================================ libseccomp-2.3.2-1.fc25 (FEDORA-2017-b09315ea15) Enhanced seccomp library -------------------------------------------------------------------------------- Update Information: New upstream version -------------------------------------------------------------------------------- ================================================================================ libwacom-0.24-1.fc25 (FEDORA-2017-bef8dd008a) Tablet Information Client Library -------------------------------------------------------------------------------- Update Information: libwacom 0.24, adds a few more device descriptions -------------------------------------------------------------------------------- ================================================================================ mosquitto-1.4.11-1.fc25 (FEDORA-2017-9941d643df) An Open Source MQTT v3.1/v3.1.1 Broker -------------------------------------------------------------------------------- Update Information: Update to new upstream version 1.4.11 -------------------------------------------------------------------------------- ================================================================================ mtr-0.87-2.fc25 (FEDORA-2017-2507fee0a9) A network diagnostic tool -------------------------------------------------------------------------------- Update Information: This is a rebase to latest upstream version (mtr-0.87). * I've also fixed pkexec wrapper script that prevented running mtr-gtk via desktop file from gnome-shell (for details see commit message). * Second issue that is "semi" fixed in this update is running mtr-gtk on wayland. Previously it didn't work at all. Now we print error message explaining situation and pointing user to wiki page that has all details and possible workaround. X users are not affected by this issue. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1365128 - mtr-0.87 is available https://bugzilla.redhat.com/show_bug.cgi?id=1365128 -------------------------------------------------------------------------------- ================================================================================ mupdf-1.10a-4.fc25 (FEDORA-2017-9a819664a6) A lightweight PDF viewer and toolkit -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-6060 CVE-2017-5896 ---- Add comment with explanation of disabled debuginfo -------------------------------------------------------------------------------- References: [ 1 ] Bug #1425338 - CVE-2017-6060 mupdf: Stack-based buffer overflow in jstest_main.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1425338 [ 2 ] Bug #1424762 - Install size is too big https://bugzilla.redhat.com/show_bug.cgi?id=1424762 [ 3 ] Bug #1363695 - CVE-2016-6525 CVE-2016-8674 CVE-2017-5896 mupdf: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1363695 -------------------------------------------------------------------------------- ================================================================================ notmuch-0.23.7-1.fc25 (FEDORA-2017-500d99eab6) System for indexing, searching, and tagging email -------------------------------------------------------------------------------- Update Information: Latest upstream. ---- Latest upstream. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1427855 - notmuch-0.23.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1427855 [ 2 ] Bug #1427127 - notmuch-0.23.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1427127 -------------------------------------------------------------------------------- ================================================================================ open-vm-tools-10.1.5-2.fc25 (FEDORA-2017-5da2a37682) Open Virtual Machine Tools for virtual machines hosted on VMware -------------------------------------------------------------------------------- Update Information: Use 0644 permissions for udev rules file. -------------------------------------------------------------------------------- ================================================================================ openqa-4.4-41.20170130git8cc04a2.fc25 (FEDORA-2017-561942797a) OS-level automated testing framework -------------------------------------------------------------------------------- Update Information: The previous openQA build revised a previously-existing downstream patch to make openQA automatically duplicate jobs in more cases than it does upstream (we prefer this behaviour in Fedora due to issues like [this qemu bug](https://bugzilla.redhat.com/show_bug.cgi?id=1403343)). However, the new version of the patch had a problem which resulted in worker processes exiting when jobs ended with a state `died`, as well as when they ended with a state `quit`. This was not intentional and causes unfortunate consequences like syntax errors in tests causing worker processes to quit. This update should resolve that problem, by adjusting the patch so worker processes will now only exit when jobs end in state `quit`, as intended. The update also introduces a new subpackage, `openqa-plugin-fedoraupdaterestart`, containing an openQA plugin which automatically restarts update tests that fail (one time). This is intended to mitigate the efffect of transient failures in the update tests. It is tied to Fedora expectations (specifically the flavor names used for update tests), it is not generically useful. -------------------------------------------------------------------------------- ================================================================================ oz-0.15.0-5.fc25 (FEDORA-2017-db3a8b5473) Library and utilities for automated guest OS installs -------------------------------------------------------------------------------- Update Information: Remove rawhide dependency on python-uuid -------------------------------------------------------------------------------- ================================================================================ perl-Code-TidyAll-Plugin-Test-Vars-0.04-2.fc25 (FEDORA-2017-c6aa378ea9) Provides Test::Vars plugin for Code::TidyAll -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ================================================================================ perl-Date-Manip-6.58-1.fc25 (FEDORA-2017-a60f43a5d7) Date manipulation routines -------------------------------------------------------------------------------- Update Information: Rebase to upstream version 6.58. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1428184 - perl-Date-Manip-6.58 is available https://bugzilla.redhat.com/show_bug.cgi?id=1428184 -------------------------------------------------------------------------------- ================================================================================ perl-DateTime-TimeZone-2.10-1.fc25 (FEDORA-2017-04baf0c1d6) Time zone object base class and factory -------------------------------------------------------------------------------- Update Information: Updated to the latest version; 2.10 bump (2017a Olson database) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1428186 - perl-DateTime-TimeZone-2.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1428186 -------------------------------------------------------------------------------- ================================================================================ perl-Server-Starter-0.33-1.fc25 (FEDORA-2017-e2b865a8c4) Superdaemon for hot-deploying server programs -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ================================================================================ perl-WWW-Form-UrlEncoded-0.24-1.fc25 (FEDORA-2017-03e743d8fe) Parser and builder for application/x-www-form-urlencoded -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Core-2.27.7-1.fc25 (FEDORA-2017-19b6a96fc6) Horde Core Framework libraries -------------------------------------------------------------------------------- Update Information: **Horde_Core 2.27.7** * [mjr] Fix adding a separator item to a custom menu (Bug #14581). * [jan] Enable LDAP rootDSE caching. * [mjr] Use new ActiveSync log handling. * [jan] Correctly encode IP address literal in first Received: header (Bug #14574). * [mjr] Remove support for defunct CloudMade, and MyTopo mapping APIs. * [jan] Fix fatal error screen for PHP 7 error objects. * [jan] Remember the configuration values of split-read database environments. * [jan] Only show $conf[sql][ca] if $conf[sql][ssl] is enabled. -------------------------------------------------------------------------------- ================================================================================ php-pear-PHP-CodeSniffer-2.8.1-1.fc25 (FEDORA-2017-ca3f01bd37) PHP coding standards enforcement tool -------------------------------------------------------------------------------- Update Information: **Version 2.8.1** * This release contains a fix for a security advisory related to the improper handling of shell commands * Uses of shell_exec() and exec() were not escaping filenames and configuration settings in most cases * A properly crafted filename or configuration option would allow for arbitrary code execution when using some features * All users are encouraged to upgrade to this version, especially if you are checking 3rd-party code * e.g., you run PHPCS over libraries that you did not write * e.g., you provide a web service that runs PHPCS over user-uploaded files or 3rd-party repositories * e.g., you allow external tool paths to be set by user-defined values * If you are unable to upgrade but you check 3rd-party code, ensure you are not using the following features: * The diff report * The notify-send report * The Generic.PHP.Syntax sniff * The Generic.Debug.CSSLint sniff * The Generic.Debug.ClosureLinter sniff * The Generic.Debug.JSHint sniff * The Squiz.Debug.JSLint sniff * The Squiz.Debug.JavaScriptLint sniff * The Zend.Debug.CodeAnalyzer sniff * Thanks to Klaus Purer for the report * The PHP-supplied T_COALESCE_EQUAL token has been replicated for PHP versions before 7.2 * PEAR.Functions.FunctionDeclaration now reports an error for blank lines found inside a function declaration * PEAR.Functions.FunctionDeclaration no longer reports indent errors for blank lines in a function declaration * Squiz.Functions.MultiLineFunctionDeclaration no longer reports errors for blank lines in a function declaration * It would previously report that only one argument is allowed per line * Squiz.Commenting.FunctionComment now corrects multi-line param comment padding more accurately * Squiz.Commenting.FunctionComment now properly fixes pipe-separated param types * Squiz.Commenting.FunctionComment now works correctly when function return types also contain a comment * Thanks to Juliette Reinders Folmer for the patch * Squiz.ControlStructures.InlineIfDeclaration now supports the elvis operator * As this is not a real PHP operator, it enforces no spaces between ? and : when the THEN statement is empty * Squiz.ControlStructures.InlineIfDeclaration is now able to fix the spacing errors it reports * Fixed bug #1340 : STDIN file contents not being populated in some cases * Thanks to David Bi?ovec for the patch * Fixed bug #1344 : PEAR.Functions.FunctionCallSignatureSniff throws error for blank comment lines * Fixed bug #1347 : PSR2.Methods.FunctionCallSignature strips some comments during fixing * Thanks to Algirdas Gurevicius for the patch * Fixed bug #1349 : Squiz.Strings.DoubleQuoteUsage.NotRequired message is badly formatted when string contains a CR newline char * Thanks to Algirdas Gurevicius for the patch * Fixed bug #1350 : Invalid Squiz.Formatting.OperatorBracket error when using namespaces * Fixed bug #1369 : Empty line in multi-line function declaration cause infinite loop -------------------------------------------------------------------------------- ================================================================================ php-twig2-2.2.0-1.fc25 (FEDORA-2017-7bc93dd7b5) The flexible, fast, and secure template engine for PHP -------------------------------------------------------------------------------- Update Information: **Version 2.2.0** (2017-02-26) * added a PSR-11 compatible runtime loader * added `side` argument to `trim` to allow left or right trimming only. -------------------------------------------------------------------------------- ================================================================================ php-zendframework-zend-captcha-2.7.1-1.fc25 (FEDORA-2017-912d3336ee) Zend Framework Captcha component -------------------------------------------------------------------------------- Update Information: **Version 2.7.1** - 2017-02-23 - [#31](https://github.com/zendframework/zend- captcha/pull/31) fixes using the ReCaptcha response as the value parameter to isValid(). ---- **Version 2.7.0** - 2017-02-20 - [#29](https://github.com/zendframework/zend-captcha/pull/29) adds support for zend-recaptcha v3. ---- **Version 2.6.0** - 2016-06-21 - Adds and publishes documentation to https://zendframework.github.io/zend-captcha/ - [#20](https://github.com/zendframework/zend-captcha/pull/20) adds support for zend-math v3. - [#20](https://github.com/zendframework/zend-captcha/pull/20) removes support for PHP 5.5 -------------------------------------------------------------------------------- ================================================================================ php-zendframework-zend-form-2.10.0-1.fc25 (FEDORA-2017-092d86a446) Zend Framework Form component -------------------------------------------------------------------------------- Update Information: **Version 2.10.0** - 2017-02-23 - [#115](https://github.com/zendframework /zend-form/pull/115) adds translatable HTML attributes to the abstract view helper. - [#116](https://github.com/zendframework/zend-form/pull/116) adds the InputFilterFactory dependency to the constructor. - [#139](https://github.com/zendframework/zend-form/pull/139) adds support for ReCaptcha version 2 though zend-captcha 2.7.1. -------------------------------------------------------------------------------- ================================================================================ php-zendframework-zend-validator-2.8.2-1.fc25 (FEDORA-2017-8b40ef2a04) Zend Framework Validator component -------------------------------------------------------------------------------- Update Information: **Version 2.8.2** - 2017-01-29 - [#110](https://github.com/zendframework/zend- validator/pull/110) adds new Mastercard 2-series BINs - [#81](https://github.com/zendframework/zend-validator/pull/81) registers the Uuid validator into ValidatorPluginManager. -------------------------------------------------------------------------------- ================================================================================ php-zendframework-zendservice-recaptcha-3.0.0-3.fc25 (FEDORA-2017-4eb569d4aa) Zend Framework ReCaptcha component -------------------------------------------------------------------------------- Update Information: Zend Framework ReCaptcha component. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1425073 - Review Request: php-zendframework-zendservice-recaptcha - Zend Framework ReCaptcha component https://bugzilla.redhat.com/show_bug.cgi?id=1425073 -------------------------------------------------------------------------------- ================================================================================ plasma-applet-weather-widget-1.6.9-1.fc25 (FEDORA-2017-5c6058a568) Plasma applet for displaying weather information -------------------------------------------------------------------------------- Update Information: Upstream Release: rhbz#1428194 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1428194 - plasma-applet-weather-widget-v1.6.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1428194 -------------------------------------------------------------------------------- ================================================================================ python-fedmsg-atomic-composer-2017.0-1.fc25 (FEDORA-2017-aeeeed1481) Composes atomic trees when Fedora repositories are updated -------------------------------------------------------------------------------- Update Information: Update to 2017.0. See https://github.com/fedora-infra/fedmsg-atomic- composer/blob/2017.0/CHANGELOG.md https://bodhi.fedoraproject.org/updates/FEDORA-2017-3cb1bb5aa5 is required to install this update, so it must go to stable before this can go to stable. -------------------------------------------------------------------------------- ================================================================================ python-grapefruit-0.1a4-3.fc25 (FEDORA-2017-371de561fc) Python module for easy manipulation of color information -------------------------------------------------------------------------------- Update Information: Fix auto-generating Python 2 dependency in python3- subpackage -------------------------------------------------------------------------------- References: [ 1 ] Bug #1308557 - python-grapefruit: Provide a Python 3 subpackage https://bugzilla.redhat.com/show_bug.cgi?id=1308557 -------------------------------------------------------------------------------- ================================================================================ python-ladon-0.9.38-2.fc25 (FEDORA-2017-49450fc141) Multiprotocol approach to creating a webservice -------------------------------------------------------------------------------- Update Information: Fix auto-generating Python 2 dependency ---- The packages are now depends on python3 only. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1309783 - python-ladon: Provide a Python 3 subpackage https://bugzilla.redhat.com/show_bug.cgi?id=1309783 [ 2 ] Bug #1219035 - python-ladon-0.9.38 is available https://bugzilla.redhat.com/show_bug.cgi?id=1219035 -------------------------------------------------------------------------------- ================================================================================ python-multilib-1.2-1.fc25 (FEDORA-2017-c9ca65ab95) A module for determining if a package is multilib or not -------------------------------------------------------------------------------- Update Information: New upstream version that transparently supports DNF package objects (as well as yum package objects). There are no functional changes. -------------------------------------------------------------------------------- ================================================================================ python-pygments-2.2.0-1.fc25 (FEDORA-2017-ab70d1df45) Syntax highlighting engine written in Python -------------------------------------------------------------------------------- Update Information: - Python2.x now has it's binary as ``/usr/bin/pygmentize`` and ``/usr/bin/pygmentize2`` - Python3.x now has it's binary at `` /usr/bin/pygmentize3`` only to avoid collision. - Updated to version 2.2.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1153993 - python-pygments-2.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1153993 [ 2 ] Bug #1323256 - Use python3 for /usr/bin/pygmentize https://bugzilla.redhat.com/show_bug.cgi?id=1323256 [ 3 ] Bug #1415531 - python-pygments-2.2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1415531 -------------------------------------------------------------------------------- ================================================================================ qbittorrent-3.3.10-3.fc25 (FEDORA-2017-d47bcae967) A Bittorrent Client -------------------------------------------------------------------------------- Update Information: update qbittorrent -------------------------------------------------------------------------------- References: [ 1 ] Bug #1424217 - qbittorrent: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1424217 [ 2 ] Bug #1405981 - qbittorrent-3.3.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1405981 [ 3 ] Bug #1427501 - rb_libtorrent-1.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1427501 -------------------------------------------------------------------------------- ================================================================================ rb_libtorrent-1.1.2-1.fc25 (FEDORA-2017-d47bcae967) A C++ BitTorrent library aiming to be the best alternative -------------------------------------------------------------------------------- Update Information: update qbittorrent -------------------------------------------------------------------------------- References: [ 1 ] Bug #1424217 - qbittorrent: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1424217 [ 2 ] Bug #1405981 - qbittorrent-3.3.10 is available https://bugzilla.redhat.com/show_bug.cgi?id=1405981 [ 3 ] Bug #1427501 - rb_libtorrent-1.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1427501 -------------------------------------------------------------------------------- ================================================================================ rsyslog-8.25.0-2.fc25 (FEDORA-2017-d2d16edab7) Enhanced system logging and kernel message trapping daemon -------------------------------------------------------------------------------- Update Information: Rebase to 8.25.0 upstream, this update contains new default rsyslog config file which will be automatically updated if you have not modified it. Also we have new subpackage enabling omkafka module for fedora users and several few minor bugfixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1422542 - Missing chdir call after chroot https://bugzilla.redhat.com/show_bug.cgi?id=1422542 [ 2 ] Bug #1419625 - Write new default config https://bugzilla.redhat.com/show_bug.cgi?id=1419625 [ 3 ] Bug #1418720 - Enable omkafka module for rsyslog https://bugzilla.redhat.com/show_bug.cgi?id=1418720 [ 4 ] Bug #1379638 - rsyslog does not start remote logging at boot https://bugzilla.redhat.com/show_bug.cgi?id=1379638 [ 5 ] Bug #1426830 - rsyslog-8.25.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1426830 -------------------------------------------------------------------------------- ================================================================================ rubygem-sequel-4.44.0-1.fc25 (FEDORA-2017-357c2a9e97) The Database Toolkit for Ruby -------------------------------------------------------------------------------- Update Information: Update to sequel 4.44.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1400756 - rubygem-sequel-4.42.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1400756 [ 2 ] Bug #1389916 - rubygem-sequel-4.40.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1389916 [ 3 ] Bug #1419221 - rubygem-sequel-4.44.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1419221 -------------------------------------------------------------------------------- ================================================================================ sunflow-0.07.4-1.fc25 (FEDORA-2017-5f86c6d9ec) A rendering system for photo-realistic image synthesis -------------------------------------------------------------------------------- Update Information: fix build after mass rebuild fix bad versioning -------------------------------------------------------------------------------- References: [ 1 ] Bug #1424525 - sunflow: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1424525 -------------------------------------------------------------------------------- ================================================================================ vala-0.34.5-1.fc25 (FEDORA-2017-3f4f4f347e) A modern programming language for GNOME -------------------------------------------------------------------------------- Update Information: vala 0.34.5 release, with bug fixes and binding updates. -------------------------------------------------------------------------------- ================================================================================ vdr-epg-daemon-1.1.102-1.fc25 (FEDORA-2017-d4e6d0524d) A daemon to download EPG data from internet and manage it in a mysql database -------------------------------------------------------------------------------- Update Information: Update to 1.1.102 ---- Update to 1.1.101 ---- Update to 1.1.100 ---- Update to 1.1.99 ---- Changed INIT_AFTER to mariadb.service in Make.config ---- Update to 1.1.97 ---- Update to 1.1.95 ---- Update to 1.94 ---- Update to 1.1.93 ---- Update to 1.1.91 ---- Update to 1.1.90 ---- Update to 1.1.89 -------------------------------------------------------------------------------- ================================================================================ xrootd-4.6.0-6.fc25 (FEDORA-2017-0eca8dbb12) Extended ROOT file server -------------------------------------------------------------------------------- Update Information: New version 4.6.0, release notes are here: https://github.com/xrootd/xrootd/blob/v4.6.0/docs/ReleaseNotes.txt -------------------------------------------------------------------------------- ================================================================================ zulucrypt-5.1.0-3.fc25 (FEDORA-2017-d3ed084484) Qt GUI front end to cryptsetup -------------------------------------------------------------------------------- Update Information: zulucrypt: add support for ecryptfs, rhbz#1402590 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1402590 - Review Request: ecryptfs-simple - A CLI front end to ecryptfs that works with normal user account https://bugzilla.redhat.com/show_bug.cgi?id=1402590 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
