The following Fedora 25 Security updates need testing: Age URL 97 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 18 https://bodhi.fedoraproject.org/updates/FEDORA-2017-06f4b88ceb php-onelogin-php-saml-2.10.5-1.fc25 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-99ad80f109 python-sleekxmpp-1.3.2-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7e5b5201e7 xen-4.7.2-4.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-674d306f51 icecat-52.0.1-5.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7bd002b77c xorgxrdp-0.2.1-1.fc25 xrdp-0.9.2-2.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ea86a8123b pungi-4.1.14-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-83de9e1c7c nss-3.29.3-1.1.fc25 nss-util-3.29.3-1.1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0e8a306df1 at-spi2-core-2.22.1-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6e8f083022 sudo-1.8.19p2-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0dc6f0c054 p11-kit-0.23.2-3.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-433b2a46f7 pcre2-10.23-5.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a2e71f104b hwdata-0.299-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-68626b63de gdk-pixbuf2-2.36.6-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6e992252aa openldap-2.4.44-10.fc25 The following builds have been pushed to Fedora 25 updates-testing at-spi2-core-2.22.1-1.fc25 distribution-gpg-keys-1.11-1.fc25 dnfdragora-1.0.0-12.git20170402.f3ca28b.fc25 engauge-digitizer-10.0-1.fc25 flrig-1.3.30-1.fc25 gdk-pixbuf2-2.36.6-1.fc25 gfal2-2.13.3-1.fc25 gfal2-python-1.9.2-1.fc25 gnome-calendar-3.22.4-1.fc25 gnome-shell-extension-media-player-indicator-0-0.9.20170401git2be196b.fc25 hwdata-0.299-1.fc25 ibus-typing-booster-1.5.30-1.fc25 mate-icon-theme-1.16.1-1.fc25 nss-3.29.3-1.1.fc25 nss-util-3.29.3-1.1.fc25 opencryptoki-3.6.2-1.fc25 openldap-2.4.44-10.fc25 p11-kit-0.23.2-3.fc25 pcre2-10.23-5.fc25 perl-Test-Dir-1.15-1.fc25 php-container-interop-1.2.0-3.fc25 php-di-5.4.2-1.fc25 php-firebase-php-jwt-4.0.0-1.fc25 php-horde-Horde-Form-2.0.17-1.fc25 php-phpunit-PHP-CodeCoverage-4.0.8-1.fc25 php-phpunit-PHPUnit-5.7.19-1.fc25 php-react-dns-0.4.7-1.fc25 php-zendframework-zend-feed-2.8.0-2.fc25 python-astroquery-0.3.5-1.fc25 python-jedi-0.10.0-1.fc25 sudo-1.8.19p2-1.fc25 vala-0.34.7-1.fc25 xorgxrdp-0.2.1-1.fc25 xrdp-0.9.2-2.fc25 Details about builds: ================================================================================ at-spi2-core-2.22.1-1.fc25 (FEDORA-2017-0e8a306df1) Protocol definitions and daemon for D-Bus at-spi -------------------------------------------------------------------------------- Update Information: at-spi2-core 2.22.1 release. * Fix an occasional crash when removing an application (bgo#767074). * Fix atspi_table_cell_get_position (bgo#779835). -------------------------------------------------------------------------------- ================================================================================ distribution-gpg-keys-1.11-1.fc25 (FEDORA-2017-6eeb3e3662) GPG keys of various Linux distributions -------------------------------------------------------------------------------- Update Information: Updated Copr keys and rpmfusion keys. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438302 - distribution-gpg-keys please add rpmfusion keys for f26/f27 for free and nonfree sections https://bugzilla.redhat.com/show_bug.cgi?id=1438302 -------------------------------------------------------------------------------- ================================================================================ dnfdragora-1.0.0-12.git20170402.f3ca28b.fc25 (FEDORA-2017-790958037b) DNF package-manager based on libYui abstraction -------------------------------------------------------------------------------- Update Information: * Updated to snapshot with improved icons and some fixed translations -------------------------------------------------------------------------------- ================================================================================ engauge-digitizer-10.0-1.fc25 (FEDORA-2017-913eb8a4f9) Convert graphs or map files into numbers -------------------------------------------------------------------------------- Update Information: - Update to 10.0 -------------------------------------------------------------------------------- ================================================================================ flrig-1.3.30-1.fc25 (FEDORA-2017-e0615d087f) Transceiver control program -------------------------------------------------------------------------------- Update Information: Recent changes to FT817ND back end adversely effected both FT857D and FT897D transceivers which had a class dependency to the FT817ND. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1436891 - flrig-1.3.30 is available https://bugzilla.redhat.com/show_bug.cgi?id=1436891 -------------------------------------------------------------------------------- ================================================================================ gdk-pixbuf2-2.36.6-1.fc25 (FEDORA-2017-68626b63de) An image loading library -------------------------------------------------------------------------------- Update Information: gdk-pixbuf 2.36.6 release. * jpeg: Support the EXIF tag (#143608) * ico: Make option parsing locale-independent (#776990) * Fix build on Windows * Translation updates -------------------------------------------------------------------------------- ================================================================================ gfal2-2.13.3-1.fc25 (FEDORA-2017-268aa7e30e) Grid file access library 2.0 -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ================================================================================ gfal2-python-1.9.2-1.fc25 (FEDORA-2017-1d278aeaea) Python bindings for gfal 2 -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ================================================================================ gnome-calendar-3.22.4-1.fc25 (FEDORA-2017-22d403a46c) Simple and beautiful calendar application designed to fit GNOME 3 -------------------------------------------------------------------------------- Update Information: gnome-calendar 3.22.4 release. * Fix outstanding performance issue in Year view -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extension-media-player-indicator-0-0.9.20170401git2be196b.fc25 (FEDORA-2017-c47439132c) Control MPRIS2 capable media players: Rhythmbox, Banshee, Clementine and more -------------------------------------------------------------------------------- Update Information: Update to 0-0.9.20170401git2be196b -------------------------------------------------------------------------------- ================================================================================ hwdata-0.299-1.fc25 (FEDORA-2017-a2e71f104b) Hardware identification and configuration data -------------------------------------------------------------------------------- Update Information: Updated pci, usb and vendor ids. -------------------------------------------------------------------------------- ================================================================================ ibus-typing-booster-1.5.30-1.fc25 (FEDORA-2017-6bbd44759e) A completion input method -------------------------------------------------------------------------------- Update Information: update to 1.5.30 -------------------------------------------------------------------------------- ================================================================================ mate-icon-theme-1.16.1-1.fc25 (FEDORA-2017-ce31205b89) Icon theme for MATE Desktop -------------------------------------------------------------------------------- Update Information: - update to 1.18.1 release - added nation iso flags -------------------------------------------------------------------------------- ================================================================================ nss-3.29.3-1.1.fc25 (FEDORA-2017-83de9e1c7c) Network Security Services -------------------------------------------------------------------------------- Update Information: Backport necessary changes for bug 1207335 from NSS 3.30. -------------------------------------------------------------------------------- ================================================================================ nss-util-3.29.3-1.1.fc25 (FEDORA-2017-83de9e1c7c) Network Security Services Utilities Library -------------------------------------------------------------------------------- Update Information: Backport necessary changes for bug 1207335 from NSS 3.30. -------------------------------------------------------------------------------- ================================================================================ opencryptoki-3.6.2-1.fc25 (FEDORA-2017-f8a6140001) Implementation of the PKCS#11 (Cryptoki) specification v2.11 -------------------------------------------------------------------------------- Update Information: Rebase to 3.6.2 -------------------------------------------------------------------------------- ================================================================================ openldap-2.4.44-10.fc25 (FEDORA-2017-6e992252aa) LDAP support libraries -------------------------------------------------------------------------------- Update Information: Enhance OpenLDAP to support TLSv1.3. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1435689 - Enhance OpenLDAP to support TLSv1.3 protocol with NSS https://bugzilla.redhat.com/show_bug.cgi?id=1435689 -------------------------------------------------------------------------------- ================================================================================ p11-kit-0.23.2-3.fc25 (FEDORA-2017-0dc6f0c054) Library for loading and sharing PKCS#11 modules -------------------------------------------------------------------------------- Update Information: Backport the patch to recognize CKA_NSS_MOZILLA_CA_POLICY used for HPKP in Firefox -------------------------------------------------------------------------------- ================================================================================ pcre2-10.23-5.fc25 (FEDORA-2017-433b2a46f7) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release fixes DFA magch for a possessively repeated character class and a memory allocator from the pattern if no context is supplied to pcre2_match(). -------------------------------------------------------------------------------- ================================================================================ perl-Test-Dir-1.15-1.fc25 (FEDORA-2017-16fe8b8d67) Some simple tests on directories and folders -------------------------------------------------------------------------------- Update Information: This release fixes building on Perl without "." in @INC path. We deliver this release only to provide up-to-date version string. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438208 - perl-Test-Dir-1.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1438208 -------------------------------------------------------------------------------- ================================================================================ php-container-interop-1.2.0-3.fc25 (FEDORA-2017-a777a56075) Promoting the interoperability of container objects (DIC, SL, etc.) -------------------------------------------------------------------------------- Update Information: ## 1.2.0 This release deprecates container-interop in favor of PSR-11 which becomes the official container-interop successor. Container-interop interfaces now extend the PSR-11 interfaces, in order to smooth transition to PSR-11. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1422487 - php-container-interop-1.2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1422487 -------------------------------------------------------------------------------- ================================================================================ php-di-5.4.2-1.fc25 (FEDORA-2017-e45fd975a0) The dependency injection container for humans -------------------------------------------------------------------------------- Update Information: ## 5.4.2 Minor patch to add the provide: `psr/container-implementation` to `composer.json` ## 5.4.1 - [PSR-11](http://www.php-fig.org/psr/) compliance Note that PHP-DI was already compliant with PSR-11 because it was implementing container-interop, and container-interop 1.2 extends PSR-11. This new version just makes it more explicit and will allow to drop container-interop support in the next major versions. ## 5.4 Read the [news entry](news/20-php- di-5-4-released.md). New features: - [#362](https://github.com/PHP-DI/PHP- DI/issues/362) implemented in [#428](https://github.com/PHP-DI/PHP-DI/pull/428), [#430](https://github.com/PHP-DI/PHP-DI/pull/430), [#431](https://github.com /PHP-DI/PHP-DI/pull/431) and [#432](https://github.com/PHP-DI/PHP-DI/pull/432): factory parameters can now be configured, for example: ```php return [ 'Database' => DI\factory(function ($host) {...}) ->parameter('host', DI\get('db.host')), ]; ``` Read the [factories documentation](http ://php-di.org/doc/php-definitions.html#factories) to learn more. Feature implemented by [@predakanga](https://github.com/predakanga). Improvements: - [#429](https://github.com/PHP-DI/PHP-DI/pull/429): performance improvements in definition resolution (by [@mnapoli](https://github.com/mnapoli)) - [#421](https://github.com/PHP-DI/PHP-DI/issues/421): once a `ContainerBuilder` has built a container, it is locked to prevent confusion when adding new definitions to it (by [@mnapoli](https://github.com/mnapoli)) - [#423](https://github.com/PHP-DI/PHP-DI/pull/423): improved exception messages (by [@mnapoli](https://github.com/mnapoli)) ## 5.3 Read the [news entry](news/19-php-di-5-3-released.md). - release of the [2.0 version](https://github.com/PHP-DI/Symfony-Bridge/releases/tag/2.0.0) of the Symfony bridge (by [@mnapoli](https://github.com/mnapoli)) - PHP 5.5 or above is now required - a lot of documentation improvements by 9 different contributors - [#389](https://github.com/PHP-DI/PHP-DI/pull/389): exception message improvement by [@mopahle](https://github.com/mopahle) - [#359](https://github.com/PHP-DI /PHP-DI/issues/359), [#411](https://github.com/PHP-DI/PHP-DI/issues/411), [#414](https://github.com/PHP-DI/PHP-DI/pull/414), [#412](https://github.com /PHP-DI/PHP-DI/pull/412): compatibility with ProxyManager 1.* and 2.* (by [@holtkamp](https://github.com/holtkamp) and [@mnapoli](https://github.com/mnapoli)) - [#416](https://github.com/PHP-DI/PHP- DI/pull/416): dumping definitions was refactored into a more lightweight and simple solution; definition "dumpers" have been removed (internal classes), definitions can now be cast to string directly (by [@mnapoli](https://github.com/mnapoli)) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1435627 - php-di-5.4.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1435627 -------------------------------------------------------------------------------- ================================================================================ php-firebase-php-jwt-4.0.0-1.fc25 (FEDORA-2017-9b26c59a33) A simple library to encode and decode JSON Web Tokens (JWT) -------------------------------------------------------------------------------- Update Information: A simple library to encode and decode JSON Web Tokens (JWT) in PHP, conforming to RFC 7519 [1]. [1] https://tools.ietf.org/html/rfc7519 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1431377 - Review Request: php-firebase-php-jwt - A simple library to encode and decode JSON Web Tokens (JWT) https://bugzilla.redhat.com/show_bug.cgi?id=1431377 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Form-2.0.17-1.fc25 (FEDORA-2017-c52ade5708) Horde Form API -------------------------------------------------------------------------------- Update Information: **Horde_Form 2.0.17** * [jan] Fix regression when submitting multiple forms (Bug #14604). -------------------------------------------------------------------------------- ================================================================================ php-phpunit-PHP-CodeCoverage-4.0.8-1.fc25 (FEDORA-2017-2bd8badd30) PHP code coverage information -------------------------------------------------------------------------------- Update Information: **Version 4.0.8** - 2017-04-02 * Fixed [#515](https://github.com/sebastianbergmann/php-code-coverage/pull/515): Wrong use of recursive iterator causing duplicate entries in XML coverage report -------------------------------------------------------------------------------- ================================================================================ php-phpunit-PHPUnit-5.7.19-1.fc25 (FEDORA-2017-40d20e65b1) The PHP Unit Testing framework -------------------------------------------------------------------------------- Update Information: **Version 5.7.19** - 2017-04-03 * Fixed [#2638](https://github.com/sebastianbergmann/phpunit/pull/2638): Regression in `PHPUnit\Framework\TestCase:registerMockObjectsFromTestArguments()` **Version 5.7.18** - 2017-04-02 * Fixed [#2145](https://github.com/sebastianbergmann/phpunit/issues/2145): `--stop-on- failure` fails to stop on PHP 7 * Fixed [#2572](https://github.com/sebastianbergmann/phpunit/issues/2572): `PHPUnit\Framework\TestCase:registerMockObjectsFromTestArguments()` does not correctly handle arrays that reference themselves -------------------------------------------------------------------------------- ================================================================================ php-react-dns-0.4.7-1.fc25 (FEDORA-2017-55dc60dc09) Async DNS resolver -------------------------------------------------------------------------------- Update Information: ## 0.4.7 (2017-03-31) * Feature: Forward compatibility with upcoming Socket v0.6 and v0.7 component (#57 by @clue) ## 0.4.6 (2017-03-11) * Fix: Fix DNS timeout issues for Windows users and add forward compatibility with Stream v0.5 and upcoming v0.6 (#53 by @clue) * Improve test suite by adding PHPUnit to `require-dev` (#54 by @clue) ## 0.4.5 (2017-03-02) * Fix: Ensure we ignore the case of the answer (#51 by @WyriHaximus) * Feature: Add `TimeoutExecutor` and simplify internal APIs to allow internal code re-use for upcoming versions. (#48 and #49 by @clue) ## 0.4.4 (2017-02-13) * Fix: Fix handling connection and stream errors (#45 by @clue) * Feature: Add examples and forward compatibility with upcoming Socket v0.5 component (#46 and #47 by @clue) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1421888 - php-react-dns-0.4.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1421888 -------------------------------------------------------------------------------- ================================================================================ php-zendframework-zend-feed-2.8.0-2.fc25 (FEDORA-2017-1ffbde2f2d) Zend Framework Feed component -------------------------------------------------------------------------------- Update Information: **Version 2.8.0** - 2017-04-02 * Added - [#27](https://github.com/zendframework/zend-feed/pull/27) adds a documentation chapter demonstrating wrapping a PSR-7 client to use with `Zend\Feed\Reader`. - [#22](https://github.com/zendframework/zend-feed/pull/22) adds missing ExtensionManagerInterface on Writer\ExtensionPluginManager. - [#32](https://github.com/zendframework/zend-feed/pull/32) adds missing ExtensionManagerInterface on Reader\ExtensionPluginManager. * Removed - [#38](https://github.com/zendframework/zend-feed/pull/38) dropped php 5.5 support * Fixed - [#35](https://github.com/zendframework/zend- feed/pull/35) fixed "A non-numeric value encountered" in php 7.1 - [#39](https://github.com/zendframework/zend-feed/pull/39) fixed protocol relative link absolutisation - [#40](https://github.com/zendframework/zend- feed/pull/40) fixed service manager v3 compatibility aliases in extension plugin managers -------------------------------------------------------------------------------- ================================================================================ python-astroquery-0.3.5-1.fc25 (FEDORA-2017-9649151bd2) Python module to access astronomical online data resources -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1437267 - python-astroquery-0.3.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1437267 -------------------------------------------------------------------------------- ================================================================================ python-jedi-0.10.0-1.fc25 (FEDORA-2017-b6670e6168) An auto completion tool for Python that can be used for text editors -------------------------------------------------------------------------------- Update Information: - Latest upstream - Upstream license changed to MIT and Python - Align spec with Python packaging guidelines -------------------------------------------------------------------------------- References: [ 1 ] Bug #1418880 - python-jedi-0.10.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1418880 -------------------------------------------------------------------------------- ================================================================================ sudo-1.8.19p2-1.fc25 (FEDORA-2017-6e8f083022) Allows restricted root access for specified users -------------------------------------------------------------------------------- Update Information: ### update to 1.8.19p2 * The syslog priority (syslog_goodpri and syslog_badpri) can now be negated or set to none to disable logging of successful or unsuccessful sudo attempts via syslog. * New syslog_maxlen Defaults option to control the maximum size of syslog messages generated by sudo. * Visudo will now use the file and line number information about an unknown or unparsable Defaults entry to go directly to the file with the problem. * Fixed a crash in visudo when an IP address or network is used in a host-based Defaults entry. * Fixed a bug where the "all" setting for verifypw and listpw was not being honored. -------------------------------------------------------------------------------- ================================================================================ vala-0.34.7-1.fc25 (FEDORA-2017-838380a782) A modern programming language for GNOME -------------------------------------------------------------------------------- Update Information: vala 0.34.7 release with bug fixes and binding updates. -------------------------------------------------------------------------------- ================================================================================ xorgxrdp-0.2.1-1.fc25 (FEDORA-2017-7bd002b77c) Implementation of xrdp backend as Xorg modules -------------------------------------------------------------------------------- Update Information: New upstream version of xorgxrdp and xrdp: New features in xrdp: - RemoteFX codec support is now enabled by default. - Bitmap updates support is now enabled by default. - TLS ciphers suites and version is now logged. - Connected computer name is now logged. - Switched to Xorg (xorgxrdp) as the default backend now. - Miscellaneous RemoteFX codec mode improvements. - Socket directory is configurable at the compile time. Bugfixes in xrdp: - Parallels client for MacOS / iOS can now connect (audio redirection must be disabled on client or xrdp server though). - MS RDP client for iOS can now connect using TLS security layer. - MS RDP client for Android can now connect to xrdp. - Large resolutions (4K) can be used with RemoteFX graphics. - Multiple RemoteApps can be opened throguh NeutrinoRDP proxy. - tls_ciphers in xrdp.ini is not limited to 63 chars anymore, it's variable-length. - Fixed an issue where tls_ciphers were ignored and rdp security layer could be used instead. - Kill disconnected sessions feature is working with Xorg (xorgxrdp) backend. - Miscellaneous code cleanup and memory issues fixes. Rebuild of xrdp requiring both xorgxrdp and tigervnc- minimal. VNC is still the default. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1433959 - CVE-2017-6967 xrdp: Incorrect placement of auth_start_session() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1433959 -------------------------------------------------------------------------------- ================================================================================ xrdp-0.9.2-2.fc25 (FEDORA-2017-7bd002b77c) Open source remote desktop protocol (RDP) server -------------------------------------------------------------------------------- Update Information: New upstream version of xorgxrdp and xrdp: New features in xrdp: - RemoteFX codec support is now enabled by default. - Bitmap updates support is now enabled by default. - TLS ciphers suites and version is now logged. - Connected computer name is now logged. - Switched to Xorg (xorgxrdp) as the default backend now. - Miscellaneous RemoteFX codec mode improvements. - Socket directory is configurable at the compile time. Bugfixes in xrdp: - Parallels client for MacOS / iOS can now connect (audio redirection must be disabled on client or xrdp server though). - MS RDP client for iOS can now connect using TLS security layer. - MS RDP client for Android can now connect to xrdp. - Large resolutions (4K) can be used with RemoteFX graphics. - Multiple RemoteApps can be opened throguh NeutrinoRDP proxy. - tls_ciphers in xrdp.ini is not limited to 63 chars anymore, it's variable-length. - Fixed an issue where tls_ciphers were ignored and rdp security layer could be used instead. - Kill disconnected sessions feature is working with Xorg (xorgxrdp) backend. - Miscellaneous code cleanup and memory issues fixes. Rebuild of xrdp requiring both xorgxrdp and tigervnc- minimal. VNC is still the default. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1433959 - CVE-2017-6967 xrdp: Incorrect placement of auth_start_session() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1433959 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
