The following Fedora 24 Security updates need testing: Age URL 104 https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08 squid-3.5.23-1.fc24 97 https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08 exim-4.87.1-1.fc24 60 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba runc-1.0.0-5.rc2.gitc91b5be.fc24 40 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b176c1694 redis-3.2.8-1.fc24 18 https://bodhi.fedoraproject.org/updates/FEDORA-2017-68cdc567e9 php-onelogin-php-saml-2.10.5-1.fc24 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0f5fe1913f sane-backends-1.0.25-7.fc24 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-72323a442f ntp-4.2.6p5-44.fc24 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-97e65f13bb python-sleekxmpp-1.3.2-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-97d7758431 firebird-2.5.7.27050.0-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e6419b416d xen-4.6.5-4.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-712a186f5f icecat-52.0.1-5.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-461ce095b5 samba-4.4.13-0.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec01954fe9 chromium-57.0.2987.133-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8eac23007d xorgxrdp-0.2.1-1.fc24 xrdp-0.9.2-2.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-174cb400d7 flatpak-0.8.5-1.fc24 The following Fedora 24 Critical Path updates have yet to be approved: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3d7c3f66ae pcre-8.40-6.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-47eb254e1c vim-8.0.514-1.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-58d5521965 linux-firmware-20170313-72.git695f2d6d.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6189eb6f22 gvfs-1.28.4-1.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e50ea71b16 audit-2.7.4-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-470e502a7d libdrm-2.4.76-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-461ce095b5 samba-4.4.13-0.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-579411a8a3 nss-3.29.3-1.1.fc24 nss-util-3.29.3-1.1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c372fa4dbc sudo-1.8.19p2-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3e90bdded7 p11-kit-0.23.2-3.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1739c0ed1b hwdata-0.299-1.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-af9f3f0102 cups-2.1.4-4.fc24 The following builds have been pushed to Fedora 24 updates-testing cups-2.1.4-4.fc24 distribution-gpg-keys-1.11-1.fc24 engauge-digitizer-10.0-1.fc24 flatpak-0.8.5-1.fc24 gfal2-2.13.3-1.fc24 gfal2-python-1.9.2-1.fc24 gnome-shell-extension-media-player-indicator-0-0.9.20170401git2be196b.fc24 hwdata-0.299-1.fc24 ibus-typing-booster-1.5.30-1.fc24 mate-icon-theme-1.16.1-1.fc24 nss-3.29.3-1.1.fc24 nss-util-3.29.3-1.1.fc24 p11-kit-0.23.2-3.fc24 pcre2-10.21-17.fc24 perl-Test-Dir-1.15-1.fc24 php-container-interop-1.2.0-3.fc24 php-di-5.4.2-1.fc24 php-firebase-php-jwt-4.0.0-1.fc24 php-horde-Horde-Form-2.0.17-1.fc24 php-phpunit-PHP-CodeCoverage-4.0.8-1.fc24 php-phpunit-PHPUnit-5.7.19-1.fc24 php-react-dns-0.4.7-1.fc24 php-zendframework-zend-feed-2.8.0-2.fc24 pidgin-2.12.0-1.fc24 python-astroquery-0.3.5-1.fc24 sudo-1.8.19p2-1.fc24 xorgxrdp-0.2.1-1.fc24 xrdp-0.9.2-2.fc24 Details about builds: ================================================================================ cups-2.1.4-4.fc24 (FEDORA-2017-af9f3f0102) CUPS printing system -------------------------------------------------------------------------------- Update Information: 1437065 - CUPS does not recognize changes to /etc/resolv.conf until CUPS restart -------------------------------------------------------------------------------- References: [ 1 ] Bug #1437065 - CUPS does not recognize changes to /etc/resolv.conf until CUPS restart https://bugzilla.redhat.com/show_bug.cgi?id=1437065 -------------------------------------------------------------------------------- ================================================================================ distribution-gpg-keys-1.11-1.fc24 (FEDORA-2017-a56eafab38) GPG keys of various Linux distributions -------------------------------------------------------------------------------- Update Information: Updated Copr keys and rpmfusion keys. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438302 - distribution-gpg-keys please add rpmfusion keys for f26/f27 for free and nonfree sections https://bugzilla.redhat.com/show_bug.cgi?id=1438302 -------------------------------------------------------------------------------- ================================================================================ engauge-digitizer-10.0-1.fc24 (FEDORA-2017-905174cbe4) Convert graphs or map files into numbers -------------------------------------------------------------------------------- Update Information: - Update to 10.0 -------------------------------------------------------------------------------- ================================================================================ flatpak-0.8.5-1.fc24 (FEDORA-2017-174cb400d7) Application deployment framework for desktop apps -------------------------------------------------------------------------------- Update Information: flatpak 0.8.5 release. For details, see https://github.com/flatpak/flatpak/releases/tag/0.8.5 -------------------------------------------------------------------------------- ================================================================================ gfal2-2.13.3-1.fc24 (FEDORA-2017-3e4a34b5a9) Grid file access library 2.0 -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ================================================================================ gfal2-python-1.9.2-1.fc24 (FEDORA-2017-9ee2b46609) Python bindings for gfal 2 -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extension-media-player-indicator-0-0.9.20170401git2be196b.fc24 (FEDORA-2017-43b97c5d20) Control MPRIS2 capable media players: Rhythmbox, Banshee, Clementine and more -------------------------------------------------------------------------------- Update Information: Update to 0-0.9.20170401git2be196b -------------------------------------------------------------------------------- ================================================================================ hwdata-0.299-1.fc24 (FEDORA-2017-1739c0ed1b) Hardware identification and configuration data -------------------------------------------------------------------------------- Update Information: Updated pci, usb and vendor ids. -------------------------------------------------------------------------------- ================================================================================ ibus-typing-booster-1.5.30-1.fc24 (FEDORA-2017-8b99588768) A completion input method -------------------------------------------------------------------------------- Update Information: update to 1.5.30 -------------------------------------------------------------------------------- ================================================================================ mate-icon-theme-1.16.1-1.fc24 (FEDORA-2017-22b8a2af31) Icon theme for MATE Desktop -------------------------------------------------------------------------------- Update Information: - update to 1.18.1 release - added nation iso flags -------------------------------------------------------------------------------- ================================================================================ nss-3.29.3-1.1.fc24 (FEDORA-2017-579411a8a3) Network Security Services -------------------------------------------------------------------------------- Update Information: Backport necessary changes for bug 1207335 from NSS 3.30. -------------------------------------------------------------------------------- ================================================================================ nss-util-3.29.3-1.1.fc24 (FEDORA-2017-579411a8a3) Network Security Services Utilities Library -------------------------------------------------------------------------------- Update Information: Backport necessary changes for bug 1207335 from NSS 3.30. -------------------------------------------------------------------------------- ================================================================================ p11-kit-0.23.2-3.fc24 (FEDORA-2017-3e90bdded7) Library for loading and sharing PKCS#11 modules -------------------------------------------------------------------------------- Update Information: Backport the patch to recognize CKA_NSS_MOZILLA_CA_POLICY used for HPKP in Firefox -------------------------------------------------------------------------------- ================================================================================ pcre2-10.21-17.fc24 (FEDORA-2017-d87225756d) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release fixes DFA magch for a possessively repeated character class and a memory allocator from the pattern if no context is supplied to pcre2_match(). -------------------------------------------------------------------------------- ================================================================================ perl-Test-Dir-1.15-1.fc24 (FEDORA-2017-a0ed681b1d) Some simple tests on directories and folders -------------------------------------------------------------------------------- Update Information: This release fixes building on Perl without "." in @INC path. We deliver this release only to provide up-to-date version string. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438208 - perl-Test-Dir-1.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1438208 -------------------------------------------------------------------------------- ================================================================================ php-container-interop-1.2.0-3.fc24 (FEDORA-2017-cf92eaff78) Promoting the interoperability of container objects (DIC, SL, etc.) -------------------------------------------------------------------------------- Update Information: ## 1.2.0 This release deprecates container-interop in favor of PSR-11 which becomes the official container-interop successor. Container-interop interfaces now extend the PSR-11 interfaces, in order to smooth transition to PSR-11. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1422487 - php-container-interop-1.2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1422487 -------------------------------------------------------------------------------- ================================================================================ php-di-5.4.2-1.fc24 (FEDORA-2017-dd8b802b37) The dependency injection container for humans -------------------------------------------------------------------------------- Update Information: ## 5.4.2 Minor patch to add the provide: `psr/container-implementation` to `composer.json` ## 5.4.1 - [PSR-11](http://www.php-fig.org/psr/) compliance Note that PHP-DI was already compliant with PSR-11 because it was implementing container-interop, and container-interop 1.2 extends PSR-11. This new version just makes it more explicit and will allow to drop container-interop support in the next major versions. ## 5.4 Read the [news entry](news/20-php- di-5-4-released.md). New features: - [#362](https://github.com/PHP-DI/PHP- DI/issues/362) implemented in [#428](https://github.com/PHP-DI/PHP-DI/pull/428), [#430](https://github.com/PHP-DI/PHP-DI/pull/430), [#431](https://github.com /PHP-DI/PHP-DI/pull/431) and [#432](https://github.com/PHP-DI/PHP-DI/pull/432): factory parameters can now be configured, for example: ```php return [ 'Database' => DI\factory(function ($host) {...}) ->parameter('host', DI\get('db.host')), ]; ``` Read the [factories documentation](http ://php-di.org/doc/php-definitions.html#factories) to learn more. Feature implemented by [@predakanga](https://github.com/predakanga). Improvements: - [#429](https://github.com/PHP-DI/PHP-DI/pull/429): performance improvements in definition resolution (by [@mnapoli](https://github.com/mnapoli)) - [#421](https://github.com/PHP-DI/PHP-DI/issues/421): once a `ContainerBuilder` has built a container, it is locked to prevent confusion when adding new definitions to it (by [@mnapoli](https://github.com/mnapoli)) - [#423](https://github.com/PHP-DI/PHP-DI/pull/423): improved exception messages (by [@mnapoli](https://github.com/mnapoli)) ## 5.3 Read the [news entry](news/19-php-di-5-3-released.md). - release of the [2.0 version](https://github.com/PHP-DI/Symfony-Bridge/releases/tag/2.0.0) of the Symfony bridge (by [@mnapoli](https://github.com/mnapoli)) - PHP 5.5 or above is now required - a lot of documentation improvements by 9 different contributors - [#389](https://github.com/PHP-DI/PHP-DI/pull/389): exception message improvement by [@mopahle](https://github.com/mopahle) - [#359](https://github.com/PHP-DI /PHP-DI/issues/359), [#411](https://github.com/PHP-DI/PHP-DI/issues/411), [#414](https://github.com/PHP-DI/PHP-DI/pull/414), [#412](https://github.com /PHP-DI/PHP-DI/pull/412): compatibility with ProxyManager 1.* and 2.* (by [@holtkamp](https://github.com/holtkamp) and [@mnapoli](https://github.com/mnapoli)) - [#416](https://github.com/PHP-DI/PHP- DI/pull/416): dumping definitions was refactored into a more lightweight and simple solution; definition "dumpers" have been removed (internal classes), definitions can now be cast to string directly (by [@mnapoli](https://github.com/mnapoli)) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1435627 - php-di-5.4.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1435627 -------------------------------------------------------------------------------- ================================================================================ php-firebase-php-jwt-4.0.0-1.fc24 (FEDORA-2017-50c2056000) A simple library to encode and decode JSON Web Tokens (JWT) -------------------------------------------------------------------------------- Update Information: A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to RFC 7519 [1]. [1] https://tools.ietf.org/html/rfc7519 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1431377 - Review Request: php-firebase-php-jwt - A simple library to encode and decode JSON Web Tokens (JWT) https://bugzilla.redhat.com/show_bug.cgi?id=1431377 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Form-2.0.17-1.fc24 (FEDORA-2017-095a5708ca) Horde Form API -------------------------------------------------------------------------------- Update Information: **Horde_Form 2.0.17** * [jan] Fix regression when submitting multiple forms (Bug #14604). -------------------------------------------------------------------------------- ================================================================================ php-phpunit-PHP-CodeCoverage-4.0.8-1.fc24 (FEDORA-2017-f57c2cc67a) PHP code coverage information -------------------------------------------------------------------------------- Update Information: **Version 4.0.8** - 2017-04-02 * Fixed [#515](https://github.com/sebastianbergmann/php-code-coverage/pull/515): Wrong use of recursive iterator causing duplicate entries in XML coverage report -------------------------------------------------------------------------------- ================================================================================ php-phpunit-PHPUnit-5.7.19-1.fc24 (FEDORA-2017-4aed0b0028) The PHP Unit Testing framework -------------------------------------------------------------------------------- Update Information: **Version 5.7.19** - 2017-04-03 * Fixed [#2638](https://github.com/sebastianbergmann/phpunit/pull/2638): Regression in `PHPUnit\Framework\TestCase:registerMockObjectsFromTestArguments()` **Version 5.7.18** - 2017-04-02 * Fixed [#2145](https://github.com/sebastianbergmann/phpunit/issues/2145): `--stop-on- failure` fails to stop on PHP 7 * Fixed [#2572](https://github.com/sebastianbergmann/phpunit/issues/2572): `PHPUnit\Framework\TestCase:registerMockObjectsFromTestArguments()` does not correctly handle arrays that reference themselves -------------------------------------------------------------------------------- ================================================================================ php-react-dns-0.4.7-1.fc24 (FEDORA-2017-ef28e8706d) Async DNS resolver -------------------------------------------------------------------------------- Update Information: ## 0.4.7 (2017-03-31) * Feature: Forward compatibility with upcoming Socket v0.6 and v0.7 component (#57 by @clue) ## 0.4.6 (2017-03-11) * Fix: Fix DNS timeout issues for Windows users and add forward compatibility with Stream v0.5 and upcoming v0.6 (#53 by @clue) * Improve test suite by adding PHPUnit to `require-dev` (#54 by @clue) ## 0.4.5 (2017-03-02) * Fix: Ensure we ignore the case of the answer (#51 by @WyriHaximus) * Feature: Add `TimeoutExecutor` and simplify internal APIs to allow internal code re-use for upcoming versions. (#48 and #49 by @clue) ## 0.4.4 (2017-02-13) * Fix: Fix handling connection and stream errors (#45 by @clue) * Feature: Add examples and forward compatibility with upcoming Socket v0.5 component (#46 and #47 by @clue) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1421888 - php-react-dns-0.4.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1421888 -------------------------------------------------------------------------------- ================================================================================ php-zendframework-zend-feed-2.8.0-2.fc24 (FEDORA-2017-17af1ba24a) Zend Framework Feed component -------------------------------------------------------------------------------- Update Information: **Version 2.8.0** - 2017-04-02 * Added - [#27](https://github.com/zendframework/zend-feed/pull/27) adds a documentation chapter demonstrating wrapping a PSR-7 client to use with `Zend\Feed\Reader`. - [#22](https://github.com/zendframework/zend-feed/pull/22) adds missing ExtensionManagerInterface on Writer\ExtensionPluginManager. - [#32](https://github.com/zendframework/zend-feed/pull/32) adds missing ExtensionManagerInterface on Reader\ExtensionPluginManager. * Removed - [#38](https://github.com/zendframework/zend-feed/pull/38) dropped php 5.5 support * Fixed - [#35](https://github.com/zendframework/zend- feed/pull/35) fixed "A non-numeric value encountered" in php 7.1 - [#39](https://github.com/zendframework/zend-feed/pull/39) fixed protocol relative link absolutisation - [#40](https://github.com/zendframework/zend- feed/pull/40) fixed service manager v3 compatibility aliases in extension plugin managers -------------------------------------------------------------------------------- ================================================================================ pidgin-2.12.0-1.fc24 (FEDORA-2017-985710db18) A Gtk+ based multiprotocol instant messaging client -------------------------------------------------------------------------------- Update Information: Update to 2.12 ( rhbz#1438198) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438198 - pidgin upgrade request for F24 https://bugzilla.redhat.com/show_bug.cgi?id=1438198 -------------------------------------------------------------------------------- ================================================================================ python-astroquery-0.3.5-1.fc24 (FEDORA-2017-b95cc7a20f) Python module to access astronomical online data resources -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1437267 - python-astroquery-0.3.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1437267 -------------------------------------------------------------------------------- ================================================================================ sudo-1.8.19p2-1.fc24 (FEDORA-2017-c372fa4dbc) Allows restricted root access for specified users -------------------------------------------------------------------------------- Update Information: ### update to 1.8.19p2 * The syslog priority (syslog_goodpri and syslog_badpri) can now be negated or set to none to disable logging of successful or unsuccessful sudo attempts via syslog. * New syslog_maxlen Defaults option to control the maximum size of syslog messages generated by sudo. * Visudo will now use the file and line number information about an unknown or unparsable Defaults entry to go directly to the file with the problem. * Fixed a crash in visudo when an IP address or network is used in a host-based Defaults entry. * Fixed a bug where the "all" setting for verifypw and listpw was not being honored. -------------------------------------------------------------------------------- ================================================================================ xorgxrdp-0.2.1-1.fc24 (FEDORA-2017-8eac23007d) Implementation of xrdp backend as Xorg modules -------------------------------------------------------------------------------- Update Information: New upstream version of xorgxrdp and xrdp: New features in xrdp: - RemoteFX codec support is now enabled by default. - Bitmap updates support is now enabled by default. - TLS ciphers suites and version is now logged. - Connected computer name is now logged. - Switched to Xorg (xorgxrdp) as the default backend now. - Miscellaneous RemoteFX codec mode improvements. - Socket directory is configurable at the compile time. Bugfixes in xrdp: - Parallels client for MacOS / iOS can now connect (audio redirection must be disabled on client or xrdp server though). - MS RDP client for iOS can now connect using TLS security layer. - MS RDP client for Android can now connect to xrdp. - Large resolutions (4K) can be used with RemoteFX graphics. - Multiple RemoteApps can be opened throguh NeutrinoRDP proxy. - tls_ciphers in xrdp.ini is not limited to 63 chars anymore, it's variable-length. - Fixed an issue where tls_ciphers were ignored and rdp security layer could be used instead. - Kill disconnected sessions feature is working with Xorg (xorgxrdp) backend. - Miscellaneous code cleanup and memory issues fixes. Rebuild of xrdp requiring both xorgxrdp and tigervnc- minimal. VNC is still the default. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1433959 - CVE-2017-6967 xrdp: Incorrect placement of auth_start_session() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1433959 -------------------------------------------------------------------------------- ================================================================================ xrdp-0.9.2-2.fc24 (FEDORA-2017-8eac23007d) Open source remote desktop protocol (RDP) server -------------------------------------------------------------------------------- Update Information: New upstream version of xorgxrdp and xrdp: New features in xrdp: - RemoteFX codec support is now enabled by default. - Bitmap updates support is now enabled by default. - TLS ciphers suites and version is now logged. - Connected computer name is now logged. - Switched to Xorg (xorgxrdp) as the default backend now. - Miscellaneous RemoteFX codec mode improvements. - Socket directory is configurable at the compile time. Bugfixes in xrdp: - Parallels client for MacOS / iOS can now connect (audio redirection must be disabled on client or xrdp server though). - MS RDP client for iOS can now connect using TLS security layer. - MS RDP client for Android can now connect to xrdp. - Large resolutions (4K) can be used with RemoteFX graphics. - Multiple RemoteApps can be opened throguh NeutrinoRDP proxy. - tls_ciphers in xrdp.ini is not limited to 63 chars anymore, it's variable-length. - Fixed an issue where tls_ciphers were ignored and rdp security layer could be used instead. - Kill disconnected sessions feature is working with Xorg (xorgxrdp) backend. - Miscellaneous code cleanup and memory issues fixes. Rebuild of xrdp requiring both xorgxrdp and tigervnc- minimal. VNC is still the default. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1433959 - CVE-2017-6967 xrdp: Incorrect placement of auth_start_session() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1433959 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
