The following Fedora 25 Security updates need testing: Age URL 85 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9ed1b89530 mbedtls-2.4.2-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-837115524e cloud-init-0.7.8-6.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-06f4b88ceb php-onelogin-php-saml-2.10.5-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9801754fd7 drupal8-8.2.7-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2a12a29d9 kernel-4.10.4-200.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-25ffd5b236 webkitgtk4-2.16.0-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bd15ca5490 empathy-3.12.13-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d219f0e5fc sscg-2.0.4-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-42ebcac2b5 erlang-19.3-2.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 15 https://bodhi.fedoraproject.org/updates/FEDORA-2017-803e6bacb4 pungi-4.1.13-1.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7799a1cc7c appliance-tools-008.0-4.fc25 livecd-tools-24.2-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-eb8924136a sssd-1.15.2-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d4c043011f iproute-4.10.0-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-25ffd5b236 webkitgtk4-2.16.0-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7c824da25f nss-3.29.3-1.0.fc25 nss-softokn-3.29.3-1.0.fc25 nss-util-3.29.3-1.0.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2a12a29d9 kernel-4.10.4-200.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-877a8cad15 llvm-3.9.1-2.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a85ea344c6 mesa-13.0.4-3.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-992c684acb pcre2-10.23-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8e8c12076a python3-3.5.3-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c0cb900dc8 xorg-x11-drv-libinput-0.23.0-3.fc25 The following builds have been pushed to Fedora 25 updates-testing autoconf-archive-2017.03.21-1.fc25 cldr-emoji-annotation-31.0.0_1-1.fc25 erlang-19.3-2.fc25 fontsquirrel-crete-round-fonts-0-0.1.20111222.fc25 gap-pkg-xmod-2.59-1.fc25 gnome-shell-extension-freon-23-2.fc25 golang-github-chmduquesne-rollinghash-2.0.2-1.1.git043b8fd.fc25 iftop-1.0-0.14.pre4.fc25 jss-4.4.0-3.fc25 lldb-3.9.1-1.fc25.2 lnst-13-1.fc25 mint-x-icons-1.4.1-1.fc25 mkvtoolnix-9.9.0-1.fc25 mod_lookup_identity-0.9.9-1.fc25 mozilla-noscript-5.0.2-1.fc25 openscap-1.2.14-1.fc25 pcre2-10.23-4.fc25 perl-DBIx-RunSQL-0.16-1.fc25 plplot-5.11.1-13.fc25 python-ansible-tower-cli-3.1.2-1.fc25 python3-3.5.3-4.fc25 rpcbind-0.2.4-5.fc25 sscg-2.0.4-1.fc25 tomcatjss-7.2.1-2.fc25 unbound-1.6.0-6.fc25 vdr-epg2vdr-1.1.52-1.fc25 xorg-x11-drv-libinput-0.23.0-3.fc25 yagf-0.9.5-4.fc25 Details about builds: ================================================================================ autoconf-archive-2017.03.21-1.fc25 (FEDORA-2017-abf2344dad) The Autoconf Macro Archive -------------------------------------------------------------------------------- Update Information: Update to 2017.03.21 (#1434626) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1434626 - autoconf-archive-2017.03.21 is available https://bugzilla.redhat.com/show_bug.cgi?id=1434626 -------------------------------------------------------------------------------- ================================================================================ cldr-emoji-annotation-31.0.0_1-1.fc25 (FEDORA-2017-260f5cf351) Emoji annotation files in CLDR -------------------------------------------------------------------------------- Update Information: Pulled annotation files from CLDR Release 31. -------------------------------------------------------------------------------- ================================================================================ erlang-19.3-2.fc25 (FEDORA-2017-42ebcac2b5) General-purpose programming language and runtime environment -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-10253 ---- * Ver. 19.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1433986 - CVE-2016-10253 erlang: Heap-buffer overflow via regular expressions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1433986 [ 2 ] Bug #1432265 - erlang-19.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1432265 -------------------------------------------------------------------------------- ================================================================================ fontsquirrel-crete-round-fonts-0-0.1.20111222.fc25 (FEDORA-2017-9fb0e0df17) General purpose warm slab serif font -------------------------------------------------------------------------------- Update Information: Crete Round is a warm slab serif providing a hint of softness to texts. It started as a tailored version of the original Crete fonts - www.type- together.com/Crete - created specially to serve as corporate typeface for the type design competition Letter2 - www.letter2.org. Crete Round is more independent from the original with modified terminals and serifs to create two new fonts that deliver a more contemporary and functional appearance. The tall x-height, low contrast and sturdy slabs prove to be surprisingly efficient for web use. This font supports 128 languages and has 416 glyphs. -------------------------------------------------------------------------------- ================================================================================ gap-pkg-xmod-2.59-1.fc25 (FEDORA-2017-2ede6d5784) Crossed Modules and Cat1-Groups for GAP -------------------------------------------------------------------------------- Update Information: Changes in version 2.59: - added property IsEndomorphismPreCat1 - modified IsomorphismPerm2dGroup for PreCat1 objects - "first author" -> "second author" in manual.xml (issue #4) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1434637 - gap-pkg-xmod-v2.59 is available https://bugzilla.redhat.com/show_bug.cgi?id=1434637 -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extension-freon-23-2.fc25 (FEDORA-2017-f2d129a325) GNOME Shell extension to display system temperature, voltage, and fan speed -------------------------------------------------------------------------------- Update Information: Revised package description. Add EPEL 7 branch, since this extension supports versions of GNOME Shell as old as 3.12. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1396790 - Review Request: gnome-shell-extension-freon - GNOME Shell extension to display system temperature, voltage, and fan speed https://bugzilla.redhat.com/show_bug.cgi?id=1396790 -------------------------------------------------------------------------------- ================================================================================ golang-github-chmduquesne-rollinghash-2.0.2-1.1.git043b8fd.fc25 (FEDORA-2017-a05961130f) Some rolling checksum implementations in go -------------------------------------------------------------------------------- Update Information: Update to new upstream snapshot (043b8fdecc9816f0011a056f6d92f9a091ab63dd) and adapt Provides for the renamed / added go subpackages. -------------------------------------------------------------------------------- ================================================================================ iftop-1.0-0.14.pre4.fc25 (FEDORA-2017-adf16ebea4) Command line tool that displays bandwidth usage on an interface -------------------------------------------------------------------------------- Update Information: - Added patch from upstream to fix DNS resolution (#1120254, #1309755) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1309755 - ip6.arpa lookup failure uses previous successful lookup https://bugzilla.redhat.com/show_bug.cgi?id=1309755 -------------------------------------------------------------------------------- ================================================================================ jss-4.4.0-3.fc25 (FEDORA-2017-7e05785516) Java Security Services (JSS) -------------------------------------------------------------------------------- Update Information: Bugzilla Bug #1434535 - JSS 4.4.0 is incompatible with versions of pki-base < 10.4.0 ---- Bugzilla Bug #1432568 - JSS 4.4.0 is incompatible with versions of tomcatjss < 7.2.1 ---- Bugzilla Bug #1431937 - Rebase jss to 4.4.0 in Fedora 25+ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1434535 - JSS 4.4.0 is incompatible with versions of pki-base < 10.4.0 https://bugzilla.redhat.com/show_bug.cgi?id=1434535 [ 2 ] Bug #1432568 - JSS 4.4.0 is incompatible with versions of tomcatjss < 7.2.1 https://bugzilla.redhat.com/show_bug.cgi?id=1432568 [ 3 ] Bug #1431937 - Rebase jss to 4.4.0 in Fedora 25+ https://bugzilla.redhat.com/show_bug.cgi?id=1431937 -------------------------------------------------------------------------------- ================================================================================ lldb-3.9.1-1.fc25.2 (FEDORA-2017-4ed6584beb) Next generation high-performance debugger -------------------------------------------------------------------------------- Update Information: A few bug fixes for lldb. ---- Adjust python sys.path so lldb can find readline.so -------------------------------------------------------------------------------- References: [ 1 ] Bug #1433463 - lldb scripting support gives errors https://bugzilla.redhat.com/show_bug.cgi?id=1433463 [ 2 ] Bug #1434470 - lldd package dependencies may be incorrect [Was lldb failed to start because of unfound library symbols] https://bugzilla.redhat.com/show_bug.cgi?id=1434470 -------------------------------------------------------------------------------- ================================================================================ lnst-13-1.fc25 (FEDORA-2017-8274337a4b) Common code for lnst-ctl and lnst-slave -------------------------------------------------------------------------------- Update Information: Updating to stable release 13. This is most likely the final stable release before removing XML recipe support. -------------------------------------------------------------------------------- ================================================================================ mint-x-icons-1.4.1-1.fc25 (FEDORA-2017-53fba42d89) Icon theme for Linux Mint -------------------------------------------------------------------------------- Update Information: * New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1434631 - mint-x-icons-1.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1434631 -------------------------------------------------------------------------------- ================================================================================ mkvtoolnix-9.9.0-1.fc25 (FEDORA-2017-b12c24cf46) Matroska container manipulation utilities -------------------------------------------------------------------------------- Update Information: ## New features and enhancements * GUI: chapter editor: added a character set selection in the preferences for text files. If a character set is selected there, it will be used instead of asking the user when opening text chapter files. Implements #1874. * GUI: multiplexer: added a column "character set" to the "tracks, chapters and tags" list view showing the currently selected character set for that track. Implements #1873. * mkvmerge: added an --engage option "all_i_slices_are_key_frames" for treating all I slices of an h.264/AVC stream as key frames in pathological streams that lack real key frames. Implements #1876. * GUI: running programs after jobs: added a new variable MTX_INSTALLATION_DIRECTORY for the directory the MKVToolNix GUI executable is located in. * mkvmerge: DVB subtitle tracks whose CodecPrivate data is only four bytes long will now be fixed up to the proper five bytes by adding the subtitling type byte. * mkvmerge: MP4 reader: "ctts" version 1 atoms are now supported. ## Bug fixes * mkvmerge: AC-3 handling: some source files provide timestamps for audio tracks only once every n audio frames. In such situations mkvmerge was buffering too much data resulting in a single gap in the timestamps of one frame duration after frame number n - 1 (the second audio timestamp read from the source file was used one output frame too early). Fixes #1864. * mkvmerge: MP4 reader: mkvmerge was only reading a small part of MP4 DASH files where the first "moov" "mdat" atoms occur before the first "moof" atom. This is part of the fix for #1867. * mkvmerge: MP4 reader: edit list ("edts" atoms) that are part of the "moof" atoms used in MP4 DASH files weren't parsed. Instead the edit lists from the main track headers inside the "moov" atom were used. This is part of the fix for #1867. * mkvmerge: MP4 reader: when an MP4 DASH file contained both normal chunk offset table ("stco"/"co64" atoms) in their regular "moov" atoms, a sample-to-chunk table ("stsc" atom) whose last entry had a "samples per chunk" count greater than 1 and DASH "trun" atoms, then mkvmerge was calculating wrong positions the frame content. This is part of the fix for #1867. * mkvmerge: MP4 reader: mkvmerge couldn't deal with the key frame index table having duplicate entries. The result was that only key frames up to and including the first duplicate entry were marked as key frames in the output file. All other frames weren't, even though some of them were referenced from the key frame table after the first duplicate entry. This is part of the fix for #1867. * mkvmerge: MP4 reader: when an MP4 file contained more than one copy of the "moov" atom (the track headers etc.), mkvmerge was parsing them all adding tracks multiple times. Fix for #1877. * mkvmerge: MP4 reader: fixed an integer overflow during the timestamp calculation leading to files with wrong timestamps. Such files could not be played back properly by most players. Fixes #1883. * mkvmerge: MPEG TS reader: if the PMT lists a DVBSUB track, mkvmerge will now recognize it without having to find a packet for it within the probed range. * mkvmerge: splitting by parts (both the "timestamps" and the "frames" variants): fixed the calculation of track statistics tags. When calculating the duration the skipped portions weren't taken into account leading to a too-high duration. As a consequence the BPS tag (bits per second) was wrong, too. Fixes #1885. * mkvmerge: reading files with DVB/HDMV TextSV subtitle tracks with invalid CodecPrivate caused mkvmerge to abort with an error from boost::format about the format string not having enough arguments. Fixes #1894. * mkvmerge: fixed misdetection of certain AC-3 files as MP3 files which led to an error message that "the demultiplexer could not be initialized". * mkvmerge: fixed huge memory consumption when appending big Matroska files with sparse tracks (e.g. forced subtitle tracks). The Matroska reader will now queue at most 128 MB of data. Fixes #1893. * mkvmerge: MP4 reader: the timestamps of all multiplexed tracks will now be 0-based properly. * mkvmerge: MP4 reader: the DTS-to-PTS offsets given by the "ctts" atoms are now applied for all tracks containing a "ctts" atom, not just h.264 & h.265 tracks. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1424868 - mkvtoolnix-9.9.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1424868 -------------------------------------------------------------------------------- ================================================================================ mod_lookup_identity-0.9.9-1.fc25 (FEDORA-2017-cffa2efc71) Apache module to retrieve additional information about the authenticated user -------------------------------------------------------------------------------- Update Information: Rebase to new upstream version 0.9.9. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1434814 - mod_lookup_identity-0.9.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1434814 -------------------------------------------------------------------------------- ================================================================================ mozilla-noscript-5.0.2-1.fc25 (FEDORA-2017-44580bde9d) JavaScript white list extension for Mozilla Firefox -------------------------------------------------------------------------------- Update Information: Changes since 2.9.5.3: * Fixed thumbnails broken even if noscript.bgThumbs.allowed is true (thanks rick for reporting) * [e10s] Restored absolutely positioned elements removal by mousedown + DEL key (broken by e10s) * Absolutely positioned elements removal by mousedown + DEL key now working also on whitelisted pages (controlled by noscript.eraseFloatingElements about:config preference, thanks MegaWolf for RFE) * Fixed blocked XHR requests in frames not reflected in the menu UI (thanks aocab and barbaz for reporting) * [Locale] Improved nl translation (thanks Kris) * Fixed regression, some sites not being shown in UI * Fixed recently blocked menu not working on e10s * Embedded WebExtension * Dramatically Improved UI synchronization performance impact on load-intensive web pages (thanks Rob Wu) * [e10s] Fixed permissions out of sync when content processes are more than one (thanks Ian Fennel for report) * [Surrogates] Update google-analytics replacement (thanks ng4never for reporting and barbaz for implementation) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1429065 - mozilla-noscript-5.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1429065 -------------------------------------------------------------------------------- ================================================================================ openscap-1.2.14-1.fc25 (FEDORA-2017-42e5b0ef0f) Set of open source libraries enabling integration of the SCAP line of standards -------------------------------------------------------------------------------- Update Information: upgrade to the latest upstream release -------------------------------------------------------------------------------- ================================================================================ pcre2-10.23-4.fc25 (FEDORA-2017-992c684acb) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release closes serialization file in pcre2test after any error, it fixes a memory leak in pcre2_serialize_decode() when the input is invalid, a potential NULL dereference in pcre2_callout_enumerate() if called with a NULL pattern pointer when Unicode support is available, and 32-bit error buffer size bug in pcre2test. -------------------------------------------------------------------------------- ================================================================================ perl-DBIx-RunSQL-0.16-1.fc25 (FEDORA-2017-8404d88e83) Run SQL commands from a file -------------------------------------------------------------------------------- Update Information: 0.16 20170316 - Allow specifying the table formatter on the command line -------------------------------------------------------------------------------- References: [ 1 ] Bug #1433157 - perl-DBIx-RunSQL-0.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=1433157 -------------------------------------------------------------------------------- ================================================================================ plplot-5.11.1-13.fc25 (FEDORA-2017-a94a6c787f) Library of functions for making scientific plots -------------------------------------------------------------------------------- Update Information: - Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1434323 - plplot in F25 is older than in F24 https://bugzilla.redhat.com/show_bug.cgi?id=1434323 -------------------------------------------------------------------------------- ================================================================================ python-ansible-tower-cli-3.1.2-1.fc25 (FEDORA-2017-171bc9406a) A CLI tool for Ansible Tower -------------------------------------------------------------------------------- Update Information: update -------------------------------------------------------------------------------- ================================================================================ python3-3.5.3-4.fc25 (FEDORA-2017-8e8c12076a) Version 3 of the Python programming language aka Python 3000 -------------------------------------------------------------------------------- Update Information: Fixed the %py_byte_compile macro so that packages that use it actually compile their Python files. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1433569 - %py_byte_compile doesn't work https://bugzilla.redhat.com/show_bug.cgi?id=1433569 -------------------------------------------------------------------------------- ================================================================================ rpcbind-0.2.4-5.fc25 (FEDORA-2017-66c84b1ba8) Universal Addresses to RPC Program Number Mapper -------------------------------------------------------------------------------- Update Information: Try creating statdir once when opening lock file fails -------------------------------------------------------------------------------- References: [ 1 ] Bug #1421471 - failure to start: /run/rpcbind/rpcbind.lock: No such file or directory https://bugzilla.redhat.com/show_bug.cgi?id=1421471 [ 2 ] Bug #1401561 - rpcbind-0.2.4-1.fc25 fails to start at boot https://bugzilla.redhat.com/show_bug.cgi?id=1401561 [ 3 ] Bug #1434380 - Fedora-Live-26 fails: dracut-pre-udev: rpcbind:/run/rpcbind/rpcbind.lock No such file or directory https://bugzilla.redhat.com/show_bug.cgi?id=1434380 [ 4 ] Bug #1420912 - rpcbind fails to start using vagrant https://bugzilla.redhat.com/show_bug.cgi?id=1420912 [ 5 ] Bug #1415496 - rpcbind fails at boot https://bugzilla.redhat.com/show_bug.cgi?id=1415496 -------------------------------------------------------------------------------- ================================================================================ sscg-2.0.4-1.fc25 (FEDORA-2017-d219f0e5fc) Simple SSL certificate generator -------------------------------------------------------------------------------- Update Information: Addresses a potential race-condition when the key and certificate share the same file. -------------------------------------------------------------------------------- ================================================================================ tomcatjss-7.2.1-2.fc25 (FEDORA-2017-910557a400) JSSE implementation using JSS for Tomcat -------------------------------------------------------------------------------- Update Information: Bugzilla Bug #1434541 - tomcatjss 7.2.1 is incompatible with versions of pki- base < 10.4.0 ---- tomcatjss Pagure Issue #6 - Rebase tomcatjss to 7.2.x in Fedora 25+ ---- tomcatjss Pagure Issue #6 - Rebase tomcatjss to 7.2.0 in Fedora 25+ ---- tomcatjss Pagure Issue #6 - Rebase tomcatjss to 7.2.0 in Fedora 25+ -------------------------------------------------------------------------------- References: [ 1 ] Bug #1434541 - tomcatjss 7.2.1 is incompatible with versions of pki-base < 10.4.0 https://bugzilla.redhat.com/show_bug.cgi?id=1434541 -------------------------------------------------------------------------------- ================================================================================ unbound-1.6.0-6.fc25 (FEDORA-2017-da6101466c) Validating, recursive, and caching DNS(SEC) resolver -------------------------------------------------------------------------------- Update Information: Call make unbound-event-install to install unbound-event.h -------------------------------------------------------------------------------- ================================================================================ vdr-epg2vdr-1.1.52-1.fc25 (FEDORA-2017-e9d53cd316) A plugin to retrieve EPG data from a mysql database into VDR -------------------------------------------------------------------------------- Update Information: Update to 1.1.52 ---- Update to 1.1.50 ---- Update to 1.1.49 ---- Update to 1.1.48 ---- Update to 1.1.47 ---- Update to 1.1.46 -------------------------------------------------------------------------------- ================================================================================ xorg-x11-drv-libinput-0.23.0-3.fc25 (FEDORA-2017-c0cb900dc8) Xorg X11 libinput input driver -------------------------------------------------------------------------------- Update Information: Send motion event immediately after proximity (#1433755) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1433755 - Pen input works incorrectly after update https://bugzilla.redhat.com/show_bug.cgi?id=1433755 -------------------------------------------------------------------------------- ================================================================================ yagf-0.9.5-4.fc25 (FEDORA-2017-b9c8cb8a80) Graphical front-end for cuneiform -------------------------------------------------------------------------------- Update Information: Possible fix for sigsegv. -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
